Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2161
Views
5
Helpful
3
Replies

3560 switch password/no password

lawrence069
Level 1
Level 1

‎02-20-2015 07:16 AM - edited ‎03-07-2019 10:46 PM

Confused, I have a switch that allows me to telnet via the console port with no password prompt but when I try to manage the switch through Cisco Network Assistant (or browser) am prompted for a password.  I was told there was a password for the switch and tried the password i was given.  Below is part of the running config. Since I have console access can I just reset the password?  

 

Thanks in advance

 

hostname tbfl-3560-100-1
!
enable secret 5 $1$w.G1$KHCktbqU4fARwWu4Gbcnx.
!
username admin privilege 15 password 7 120C17435F181805383F212B
username eckenrode privilege 2 password 7 045804030C6C454B0E
username gregory privilege 2 password 7 0915195A4B53434759
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
ip domain-name tbfl.com
ip dhcp excluded-address 192.168.11.1 192.168.11.20
ip dhcp excluded-address 192.168.12.1 192.168.12.20
ip dhcp excluded-address 192.168.20.1 192.168.20.20
!

Labels:
0 Helpful
3 Replies 3

Michal Bruncko
Level 4
Level 4

‎02-20-2015 11:52 AM

> allows me to telnet via the console port with no password prompt

that's because you have "no login" command within "line vty" configuration section. No, you haven't gave us that part of configuration file, but I am assuming it. You can confirm with "show run | section line vty".

> when I try to manage the switch through Cisco Network Assistant (or browser) am prompted for a password

this is because Cisco Network Assistant is using alternative way of access - via http or https which is always secure. and for accessing you have to use authentication. I can't tell you more as youre not provided configuration including "ip http" commands from where you can determine what authentication type is used. It could be:

ip http authentication local

...which means that you have to use some of "username" accounts from your configuration,

or:

ip http authentication enable

...which means that for accessing HTTP interface you have to use "enable secret" password (no matter what is username).

0 Helpful

lawrence069
Level 1
Level 1
In response to Michal Bruncko

‎02-20-2015 02:06 PM

Thank you for the reply. Will i be able change the existing  passwords through my console access?

 

below is the remainder of the running config (its a mess, lots of old configurations no longer used)

 

Thanks again

 

Current configuration : 10558 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname tbfl-3560-100-1
!
enable secret 5 $1$w.G1$KHCktbqU4fARwWu4Gbcnx.
!
username admin privilege 15 password 7 120C17435F181805383F212B
username eckenrode privilege 2 password 7 045804030C6C454B0E
username gregory privilege 2 password 7 0915195A4B53434759
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
ip domain-name tbfl.com
ip dhcp excluded-address 192.168.11.1 192.168.11.20
ip dhcp excluded-address 192.168.12.1 192.168.12.20
ip dhcp excluded-address 192.168.20.1 192.168.20.20
!
ip dhcp pool 192.168.11.x-pc
   network 192.168.11.0 255.255.255.0
   default-router 192.168.11.1
   dns-server 12.127.16.67 12.127.17.71
   lease 8
!
ip dhcp pool 192.168.12.x-voip
   network 192.168.12.0 255.255.255.0
   option 176 ascii "MCIPADD=192.168.12.5,MCPORT=1719,TFTPSERVER=0.0.0.0"
   default-router 192.168.12.1
!
ip dhcp pool 192.168.20.GuestWAP
   network 192.168.20.0 255.255.255.0
   default-router 192.168.20.1
   dns-server 12.127.16.67 12.127.17.71
   lease 8
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/2
 description Gregory phone
 switchport access vlan 3
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 3
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 3
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 3
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 3
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport access vlan 3
 switchport mode access
 switchport voice vlan 3
 switchport port-security maximum 2
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-phone
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 switchport access vlan 3
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/9
 description Jen Olsen phone
 switchport access vlan 3
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/10
 description WildBright
 switchport access vlan 3
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/11
 description Bruce phone line
 switchport access vlan 3
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/12
 description WildBright Phone
 switchport access vlan 3
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/13
 description WildBright phone
 switchport access vlan 3
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport access vlan 2
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 speed 100
 duplex full
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 description Steve Phone
 switchport access vlan 3
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/16
 description Billy phone
 switchport access vlan 3
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/17
 description Mary Phone
 switchport access vlan 3
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/18
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/19
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/20
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/21
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/22
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/23
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/25
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/26
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/27
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/28
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/29
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/30
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/31
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/32
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/33
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/34
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/35
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/36
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/37
 description test
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/38
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/39
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/40
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/41
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/42
 description avaya-s8300
 switchport access vlan 3
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/43
 description sonitrol-video-surveillance 192.168.11.10
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/44
 switchport access vlan 2
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/45
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/46
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/47
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
 no snmp trap link-status
!
interface FastEthernet0/48
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
 description mgnt-192.168.10.x
 ip address 192.168.10.2 255.255.255.0
!
interface Vlan2
 description pc/client-192.168.11.x
 ip address 192.168.11.1 255.255.255.0
!
interface Vlan3
 description voip-192.168.12.x
 ip address 192.168.12.1 255.255.255.0
!
interface Vlan4
 description vtc-192.168.13.x
 ip address 192.168.13.1 255.255.255.0
!
interface Vlan5
 description WAP_Guest_Access
 ip address 192.168.20.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.1
ip http server
!
!
control-plane
!
alias exec src show running-config interface fastEthernet
alias exec find sho inter description | include
alias exec sis sho inter status | include
alias exec sav switchport access vlan
alias exec shmac sho mac-address-table | inc
alias exec sid sho inter description | include
alias exec sif show interface fastEthernet
alias exec sr sho run
alias exec sharp show ip arp | inc
privilege interface level 2 description
privilege interface level 2 speed 100
privilege interface level 2 speed 10
privilege interface level 2 speed auto
privilege interface level 2 duplex full
privilege interface level 2 duplex half
privilege interface level 2 duplex auto
privilege interface level 2 switchport access vlan
privilege interface level 2 spanning-tree portfast
privilege interface level 2 shutdown
privilege interface level 2 no shutdown
privilege configure level 2 interface
privilege exec level 2 enable
privilege exec level 2 configure term
privilege exec level 2 write memory
privilege exec level 2 show running-config
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line vty 0 4
 exec-timeout 180 0
 logging synchronous
 login local
 length 0
 transport input telnet
line vty 5 15
 exec-timeout 180 0
 logging synchronous
 login local
 transport input telnet
!
end

0 Helpful

Michal Bruncko
Level 4
Level 4
In response to lawrence069

‎02-20-2015 03:08 PM

Hi

you have not explicitly defined "ip http authentication" inside your config, thus default method of authentication for the HTTP server interface is the enable password method in your case. Which means that username field is ignored (you can type there whatever you want there) and the password field should be filled with your enable password.

> Will i be able change the existing passwords through my console access?

sure, you have to login using "admin" account (as it have highest privilege level) and do whatever you want (add/remove accounts or change authentication behavior for any kind of access).

if you wanted to use "admin" account for login into http, then use following command:

ip http authentication local

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card