02-10-2012 08:36 AM - edited 03-10-2019 06:48 PM
Hi Netpro
I have a router locked (telnet and console) due to aaa new-model configuration. How do I unlock this router? I need to access it through the network.
N.B.: I have a local username in the database on the router.
Thanks
02-10-2012 08:58 AM
Hello,
You can either disconnect or make the TACACS+/RADIUS server unavailable for the IOS to fall back to the local IOS accounts and access the device. For this to work you should have configured "local" as a fallback method on the AAA command.
If not, a reboot might be needed (if you did not save the configuration after adding the AAA Commands) for you to access the device before activating AAA.
If this was helpful please rate.
Regards.
02-10-2012 10:39 AM
Thanks for your reply, Carlos. I saved the config, so the restart is nonsense.
02-10-2012 10:41 AM
Hello,
Do you have the configuration you used handy to share with us? Also, which authentication server are you using (ACS, NPS, IAS, FreeRADIUS)?
Regards.
02-10-2012 11:07 AM
The AAA server is ACS 4.2.
02-10-2012 11:48 AM
Hello,
You can stop the ACS services from System Configuration > Service Control > Click "Stop" in order to simulate an outage on the server side.
If you configure your IOS AAA commands with "group tacacs+" and then "local" as a fallback method, you should be able to access the device with the local usernames defined on the IOS configuration.
NOTE: If you are not able to access the IOS device after the above, a password recovery might be needed on the IOS device.
If this was helpful please rate.
Regards.
02-11-2012 01:44 AM
Hi Carlos
I will update y
02-11-2012 08:53 AM
I have a question: why do we need password recovery if the above doesn't work?
02-12-2012 03:17 AM
Hi Jamil
If you do not have 2 types of authentication (TACACS with local fallback, for example), stopping the ACS service will not be useful for you. If you have configured TACACS with local fallback, when stopping the ACS service you will be able to use the local user for login. If you are in the first case (TACACS only), your only option is password recovery.
Dan
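The two cases described in this thread (server group with a "local" fallback versus server group only) can be checked in a saved configuration before it is ever applied. The following is an added example, not code from any of the posts: the function names are hypothetical and the sample configuration is constructed, with a placeholder in place of a real secret hash.

```python
import re

# Methods that IOS can evaluate without contacting a remote AAA server.
ON_BOX = {"local", "local-case", "enable", "line", "none"}

def parse_methods(tokens):
    """Collapse 'group <name>' pairs into single method strings."""
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods

def audit_login_lists(config_text):
    """Return {list_name: finding} for every 'aaa authentication login' list."""
    has_local_user = bool(re.search(r"^username \S+", config_text, re.M))
    findings = {}
    for line in config_text.splitlines():
        m = re.match(r"\s*aaa authentication login (\S+) (.+)", line)
        if not m:
            continue
        name, methods = m.group(1), parse_methods(m.group(2).split())
        uses_server = any(x.startswith("group ") for x in methods)
        fallback = [x for x in methods if x in ON_BOX]
        if uses_server and not fallback:
            # The "TACACS only" case: a server outage leaves no way to log in.
            findings[name] = "server-only: no on-box fallback"
        elif fallback and fallback[0].startswith("local") and not has_local_user:
            findings[name] = "local method listed but no username defined"
        else:
            findings[name] = "ok"
    return findings

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
aaa new-model
username admin privilege 15 secret 5 $1$constructed$placeholder
aaa authentication login default group tacacs+ local
aaa authentication login VTY_ONLY group tacacs+
"""

if __name__ == "__main__":
    for name, finding in audit_login_lists(SAMPLE).items():
        print(f"{name}: {finding}")
```
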