
locked (telnet and console) due to aaa-new model configuration

Ibrahim Jamil
Level 6

Hi Netpro,

I have a router locked (telnet and console) due to aaa-new model configuration. How do I unlock this router? I need to access it through the network.

N.B.: I have a local username in the database on the router.

Thanks

8 Replies

camejia
Level 3

Hello,

You can either disconnect or make the TACACS+/RADIUS server unavailable for the IOS to fall back to the local IOS accounts and access the device. For this to work you should have configured "local" as a fallback method on the AAA command.

If not, a reboot might be needed (if you did not save the configuration after adding the AAA commands) for you to access the device before activating AAA.

If this was helpful please rate.

Regards.

Thanks for your reply, Carlos. I saved the config, so the restart is nonsense.

Hello,

Do you have the configuration you used handy so you can share it with us? Also, which authentication server are you using (ACS, NPS, IAS, FreeRADIUS)?

Regards.

The AAA server is ACS 4.2.

Hello,

You can stop the ACS services from System Configuration > Service Control > click "Stop" in order to simulate an outage on the server side.

If you configure your IOS AAA commands with "group tacacs+" and then "local" as a fallback method, you should be able to access the device with the local usernames defined in the IOS configuration.

NOTE: If you are not able to access the IOS device after the above, a password recovery might be needed on the IOS device.

If this was helpful please rate.

Regards.

Hi Carlos

I will update y

I have a question: why do we need password recovery if the above doesn't work?

Hi Jamil

If you do not have 2 types of authentication (TACACS with local fallback, for example), stopping the ACS service will not be useful for you. If you have configured TACACS with local fallback, when stopping the ACS service you will be able to use the local user for login. If you are in the first case (TACACS only), your only option is password recovery.

Dan
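The two cases described in the replies above (TACACS+ only versus TACACS+ with local fallback), as an added example that is not part of any post in this thread: a Python check over a saved IOS configuration that reports, for each console/vty line, whether its login method list contains a local method and whether a local username exists. The sample configurations, the function name and the verdict strings are constructed for illustration.

```python
import re

# Constructed sample configs (not taken from the thread).
TACACS_ONLY = """\
aaa new-model
aaa authentication login default group tacacs+
username admin privilege 15 secret 5 <hash-placeholder>
line con 0
line vty 0 4
"""
WITH_FALLBACK = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE local
username admin privilege 15 secret 5 <hash-placeholder>
line con 0
 login authentication CONSOLE
line vty 0 4
"""
LOCAL_METHODS = {"local", "local-case"}

def audit_login_fallback(config):
    """Return {line: (method_list, verdict)} for every 'line' block."""
    lists, lines, current, has_user = {}, {}, None, False
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):
            current = None  # a top-level command ends any open line block
        if m := re.match(r"aaa authentication login (\S+) (.+)", text):
            lists[m.group(1)] = m.group(2).split()
        elif text.startswith("username "):
            has_user = True
        elif raw.startswith("line "):
            current = text[5:]
            lines[current] = "default"  # used unless the line names a list
        elif current and (m := re.match(r"login authentication (\S+)", text)):
            lines[current] = m.group(1)
    report = {}
    for name, lst in lines.items():
        methods = lists.get(lst)
        if methods is None:
            verdict = "list-not-defined"  # IOS behaviour here is not modelled
        elif not LOCAL_METHODS & set(methods):
            verdict = "no-local-fallback"  # server outage leaves no way in
        else:
            verdict = "local-available" if has_user else "local-but-no-username"
        report[name] = (lst, verdict)
    return report
```

Running this against a candidate configuration before `aaa new-model` is saved shows which lines would depend entirely on the AAA server. A `local` method listed after `group tacacs+` is only tried when the server does not respond, which is why the replies suggest stopping the ACS service.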
