problem to telnet a router when only aaa new-model command added

amar.dendoune
Level 1

Hello all,

I have a router 2500 running IOS version c2500-i-l_112-16.

The router is configured as follows to allow telnet sessions:

...
enable password *****
!
line vty 0 4
 password ******
 login
...

I added the command "aaa new-model" to check the aaa commands available with this IOS version.

I left the router without configuring any aaa commands, but I forgot to remove the command "aaa new-model".

Now, when we try to telnet to the router, we are prompted to enter a username and not the vty login password.

Therefore I am not able to log into the router anymore.

How is this possible, and how can I telnet to the router?

Is there any workaround to bypass this?

Thanks in advance for your help.

Amar.

2 Replies

jekrauss
Level 1

Once you enable aaa new-model, then by default, the router will use local authentication. Consequently, the easiest thing to do is create a local user:

username barney password rubble

Alternatively, you could just configure no authentication:

aaa authentication login default none

Now, there is no way to telnet into the router until you reconfigure it, as described above.

In order to reconfigure, you will need physical access, and you will need to execute the password recovery procedure for your router type:

http://www.cisco.com/warp/public/474/

Of course, if you did not yet save the config (just exited), you could just reboot :)

HTH

Jeff

Thank you Jeff for your support.

I have rebooted the router since the configuration was not saved.

There was no username configured locally, so :-(

Best regards,

Amar.
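
An added example, not part of the original thread and not Cisco tooling: a pre-change check in Python that reads an IOS configuration as text and flags the state described in this thread (aaa new-model with no login method list and no local username), a default list of `none` (no authentication on login), and a vty password that is no longer consulted. The function name, finding codes and sample configurations are constructed for illustration; the default-to-local behaviour is taken from the reply above.

```python
import re

def check_aaa_login(config: str) -> list[str]:
    """Return finding codes for an IOS config (as text) before it is applied or saved."""
    lines = [l.strip() for l in config.splitlines()]
    if "aaa new-model" not in lines:
        return []  # without aaa new-model the line passwords still govern vty logins
    has_user = any(re.match(r"username \S+", l) for l in lines)
    methods = ["local"]  # default stated in the reply above when no list is configured
    for l in lines:
        m = re.match(r"aaa authentication login default (.+)", l)
        if m:
            methods = m.group(1).split()
    # Find out whether any vty line still carries a line password.
    in_vty = vty_password = False
    for l in lines:
        if l.startswith("line "):
            in_vty = l.startswith("line vty")
        elif l.startswith("!") or l == "end":
            in_vty = False
        elif in_vty and l.startswith("password "):
            vty_password = True
    findings = []
    if methods == ["local"] and not has_user:
        findings.append("LOCKOUT")              # username prompt, but nobody can answer it
    if methods[0] == "none":
        findings.append("OPEN")                 # logins succeed without authentication
    if vty_password and "line" not in methods:
        findings.append("VTY_PASSWORD_UNUSED")  # line password is never asked for
    return findings

# Constructed sample: the configuration from the question plus aaa new-model.
LOCKED = """
enable password EXAMPLE
aaa new-model
!
line vty 0 4
 password EXAMPLE
 login
"""
# The two changes suggested in the reply, applied to the same sample.
WITH_USER = LOCKED.replace("aaa new-model\n", "aaa new-model\nusername barney password rubble\n")
NO_AUTH = LOCKED.replace("aaa new-model\n", "aaa new-model\naaa authentication login default none\n")

if __name__ == "__main__":
    for name, cfg in (("LOCKED", LOCKED), ("WITH_USER", WITH_USER), ("NO_AUTH", NO_AUTH)):
        print(name, check_aaa_login(cfg))
```

Running a check like this against the candidate configuration before it is saved catches the lockout while a reboot can still undo it, and it also shows that the `none` option trades the lockout for unauthenticated telnet access.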