access to switch locked out

donaghq_2
Level 1

Hi

I recently installed a cat2924XL. I was configuring TACACS when I got distracted and the session timed out - now I cannot get into the switch! The only part I had configured was aaa new-model and aaa authentication login secure line. Unfortunately I did not have login authentication secure configured on either the cty or vty lines. Is there any way around this other than breaking into the device - understandably I do not want to take the device down!!

Thank You

Accepted Solutions

4brown
Level 1

If you wrote your config, a password recovery is required. If not, you'll have to reboot.

It is always a good idea to set up a local account as a back door method as well. This is useful if AAA negotiation encounters an 'Error': it will then seek the next method. Some examples of this are if you have the improper key in the device matched to the AAA server, or network connectivity to the AAA server is down.

Personally, I like to turn off aaa on the console port for this particular reason. Granted, this may circumvent a security policy, but if someone has physical access to the console, they can break in anyhow.

Here is how:

aaa authentication login NO_AUTHEN none
line con 0
 login authentication NO_AUTHEN

If using EXEC or command authorization, it should be disabled on the console port as well.

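Added illustration, not part of the thread: a small Python audit that reads an IOS running-config in the shape the poster describes and flags the conditions behind this lockout, which the accepted answer's fallbacks clear: a login list defined but applied to no line, a line whose effective list is undefined, a list with no method that works without the AAA server, and local without any username. It assumes aaa new-model is present and parses only the commands shown; both configs are constructed and the secret hash is a placeholder. An empty result from audit() means every line has a defined list with a server-independent fallback.

```python
import re
LOCAL_METHODS = {"local", "local-case", "enable", "line", "none"}  # no AAA server needed

# Constructed config in the poster's state: 'secure' defined, applied to no line.
LOCKED_OUT = """\
aaa new-model
aaa authentication login secure line
line con 0
line vty 0 15
"""
# Constructed config applying the accepted answer; the hash is a placeholder.
HARDENED = """\
aaa new-model
aaa authentication login NO_AUTHEN none
aaa authentication login secure group tacacs+ local
username admin secret 5 <PLACEHOLDER-HASH>
line con 0
 login authentication NO_AUTHEN
line vty 0 15
 login authentication secure
"""

def parse_config(text):
    # Returns {list: methods}, {line: applied list or None}, {usernames}.
    lists, lines, users, current = {}, {}, set(), None
    for raw in text.splitlines():
        if raw.startswith("username "):
            users.add(raw.split()[1])
        elif m := re.match(r"aaa authentication login (\S+) (.+)", raw):
            lists[m.group(1)] = m.group(2).split()
        elif raw.startswith("line "):
            lines[(current := raw[5:].strip())] = None  # None -> 'default' list
        elif current and (m := re.match(r"\s+login authentication (\S+)", raw)):
            lines[current] = m.group(1)
    return lists, lines, users

def audit(text):
    lists, lines, users = parse_config(text)
    findings = []
    for name, methods in lists.items():
        if name != "default" and name not in lines.values():
            findings.append(f"list '{name}' is defined but applied to no line")
        if {"local", "local-case"} & set(methods) and not users:
            findings.append(f"list '{name}' uses local but no username is configured")
    for line, applied in lines.items():
        name = applied or "default"
        if name not in lists:
            findings.append(f"line {line}: list '{name}' is not defined")
        elif not LOCAL_METHODS & set(lists[name]):
            findings.append(f"line {line}: list '{name}' has no server-independent fallback")
    return findings
```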