topic Re: AAA Password Recovery in Network Access Control

AAA Password Recovery

Tristan Apostol — Wed, 18 Jan 2023 02:21:34 GMT

Hi Guys,

someone config the AAA Authentication in cisco catalyst 2960 switch, unfortunately the IT who config the AAA forgot the username and password. can I recover the username password without reboot or shutdown the switch?

Re: AAA Password Recovery

Kasun Bandara — Wed, 18 Jan 2023 02:37:42 GMT

if AAA configured to use external AAA server, you can reset password there. if its local, you can login to switch using console or any other admin account and do the reset. if this is the only local account and no any remote or other admin accounts, you need to do reset by restarting.

Re: AAA Password Recovery

Arne Bier — Wed, 18 Jan 2023 03:35:12 GMT

I don't quite understand what "forgot the username and password" means in this context. If AAA is configured correctly, then the AAA server will process the request - the issue is not with the switch. Change the password on the AAA or in AD (or whereever the username/password resides).

If there has been a mistake with the AAA configuration and this preventing AAA from working (and if AAA is so badly configured that even the local account is not allowed) then you can do one thing - go into the AAA server and untick the protocol that is used to manage that switch's device admin. e.g. if it's TACACS+, then untick the TACACS+ protocol. That would have the effect of forcing the switch to use the local admin credentials, giving you a chance to log back into the switch (assuming of course you have the correct local switch account details)

Re: AAA Password Recovery

danfly09 — Thu, 13 Mar 2025 21:50:46 GMT

Not if you kept fallback to local disabled... 🤦🏼‍♂️. Waiting for downtime now to do a reboot and hopefully the conf wasn't saved.