02-04-2018 08:13 PM - edited 03-05-2019 09:52 AM
Been working on activating AAA via RADIUS access to my Nexus and Cisco 3750 and a 2800 router. Works well, but I did a change on the 2800 and now I'm locked out of it, as I get authenticated when logging in but the enable password (local) doesn't work.
Ran the "show aaa method-lists authentication" on the prompt and this shows up:
authen queue=AAA_ML_AUTHEN_LOGIN
name=default valid=TRUE id=0 :state=ALIVE : SERVER_GROUP ROLE_ICT_Network_Equipment_Access
name=console valid=TRUE id=A000001 :state=ALIVE : LOCAL
authen queue=AAA_ML_AUTHEN_ENABLE
name=default valid=TRUE id=0 :state=ALIVE : SERVER_GROUP radius SERVER_GROUP ROLE_ICT_Network_Equipment_Access
authen queue=AAA_ML_AUTHEN_PPP
authen queue=AAA_ML_AUTHEN_SGBP
authen queue=AAA_ML_AUTHEN_ARAP
authen queue=AAA_ML_AUTHEN_DOT1X
authen queue=AAA_ML_AUTHEN_EAPOUDP
authen queue=AAA_ML_AUTHEN_8021X
permanent lists
name=Permanent Enable None valid=TRUE id=0 :state=ALIVE : ENABLE NONE
name=Permanent Enable valid=TRUE id=0 :state=ALIVE : ENABLE
name=Permanent None valid=TRUE id=0 :state=ALIVE : NONE
name=Permanent Local valid=TRUE id=0 :state=ALIVE : LOCAL
Seems like my fall back to the local didn't work as well. Any help will be really appreciated
02-05-2018 12:15 AM
Hello,
try and disconnect the router from any network connection, then connect via console and see if local authentication works.
Rebooting the router might help if you haven't saved the AAA configuration to memory.
If anything else fails, do a password recovery. Which 2800 do you have (the ISR or the old model)?
02-05-2018 11:52 AM
@Georg Pauwen Local authentication via console doesn't work as well when I disconnect from the network. Will the password recovery procedure enable me to remove that AAA line that I added? If so then I'll do that. It is a Cisco 2811 router.
02-05-2018 12:47 PM
Hello,
yes, the password recovery access will give you local admin access through the console port. Procedure is in the link below:
02-13-2018 01:14 PM
I've got this sorted with the password recovery process, but removed AAA, then reconfigured it again properly once I managed to log in.
Thanks, this sorted things out for me.
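An added example, not part of any post in this thread: a Python check over the "show aaa method-lists authentication" output quoted in the first post, reporting every configured method list that names only server groups and no on-box method. The function names and the set of on-box method tokens (LOCAL, ENABLE, NONE, the ones visible in that output) are assumptions of this example.

```python
import re

# Constructed sample: the output posted in the thread, trimmed to the
# queues that carry method lists, one empty queue, and two permanent lists.
SAMPLE = """\
authen queue=AAA_ML_AUTHEN_LOGIN
name=default valid=TRUE id=0 :state=ALIVE : SERVER_GROUP ROLE_ICT_Network_Equipment_Access
name=console valid=TRUE id=A000001 :state=ALIVE : LOCAL
authen queue=AAA_ML_AUTHEN_ENABLE
name=default valid=TRUE id=0 :state=ALIVE : SERVER_GROUP radius SERVER_GROUP ROLE_ICT_Network_Equipment_Access
authen queue=AAA_ML_AUTHEN_PPP
permanent lists
name=Permanent Enable valid=TRUE id=0 :state=ALIVE : ENABLE
name=Permanent Local valid=TRUE id=0 :state=ALIVE : LOCAL
"""

# Assumption: method tokens that are answered by the device itself.
ON_BOX = {"LOCAL", "ENABLE", "NONE"}
LIST_RE = re.compile(r"^name=(.+?) valid=\w+ id=\w+ :state=\w+ : (.*)$")

def parse_method_lists(text):
    """Return {queue: {list_name: [methods]}}; server groups become 'group:<name>'."""
    queues, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("authen queue="):
            current = queues.setdefault(line.split("=", 1)[1], {})
        elif line == "permanent lists":
            current = None  # built-in lists, not operator configuration
        elif current is not None and (m := LIST_RE.match(line)):
            tokens, methods, i = m.group(2).split(), [], 0
            while i < len(tokens):
                if tokens[i] == "SERVER_GROUP" and i + 1 < len(tokens):
                    methods.append("group:" + tokens[i + 1])
                    i += 2
                else:
                    methods.append(tokens[i])
                    i += 1
            current[m.group(1)] = methods
    return queues

def lists_without_fallback(text):
    """List (queue, list_name) pairs whose methods are all remote server groups."""
    return [(queue, name)
            for queue, lists in parse_method_lists(text).items()
            for name, methods in lists.items()
            if not ON_BOX.intersection(methods)]

if __name__ == "__main__":
    print(lists_without_fallback(SAMPLE))
```

On the output from the first post it reports the default login list and the default enable list, the latter being the list consulted at the enable prompt.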