Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

A network accident scenario!!! Who modified the running-configuration file?

You got a call that a part of a building is down. When you went inside the switch room you found that the A/C was switched off and the room was very hot.

All PCs can "only" ping the management VLAN of the site's access switch (in case you set static IPs for each PC), furthermore; no internet access.

You logged in the switch and noticed that the configuration was changed. After making "show run" and "show startup" you found that the configuration on the RAM do not match the one on the NVRAM.

After solving the issue you asked your colleague to check the TACACS server to get the information of the person who changed the configuration. "No one logged in before the accident, actually no one attempt to login at all", your colleague said.

Your manager got an email from the access control team of the organization that no one was inside the room physically. 

 

Who modified the running-configuration file?

Notice that the SNMP wasn’t active during the period of the accident.

 

All the best

user-image
Question ajoutée par Musa'ab Satti , Network Engineer , Ebttikar Technology Company
Date de publication: 2015/12/06
Omer Mustafa
par Omer Mustafa , Network & Security Engineer , Computer & Communications systems, CCS

Hi , for this weird scenario I think nothing happened except the configuration register was changed and wasn't return back to the right register , So it need to be returned back . Sometimes there is a bug on some ios that affect the config register

Musa'ab Satti
par Musa'ab Satti , Network Engineer , Ebttikar Technology Company

I'm sorry, this isn't the right answer. Thank you for participating in my post Mr. mohammed yasein 

mohammed yasein
par mohammed yasein , N/A , N/A

it could be that the last modification made wasn't actually saved or the switch is not configured with AAA

, in some configurations if the connection to the tacacs server was lost the next option for authentication in none , it depends of how the devices are configured

More Questions Like This