Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1624
Views
5
Helpful
5
Replies

Locked out of 6807 after configuring AAA and radius

dbuckley77
Level 1
Level 1

‎02-21-2018 04:23 AM - edited ‎12-09-2024 10:58 AM

We had a local user setup on our pair of 6807s operating in VSS that we had been using for a while.  I was asked to setup radius authentication for domain users.  So I setup AAA first as it is on all our other switches on the network and then setup radius.  Now radius only lets me into the user exec mode and when I type enable I get the "error in authentication" message and the local authentication no longer seems to be working so I cannot get into the switch past user exec mode.  I have copied the exact commands for AAA and radius that I used below.  I setup a support case with cisco and they suggested, 1.  the switch is looking for radius attributes that are not configured on our Microsoft raiuds server and we should configure them to get radius working  2.  remove the switch IP from our AAA server to force the switch to use local authentication

 

 

config

Labels:
5 Replies 5

Reza Sharifi
Hall of Fame
Hall of Fame

‎02-21-2018 06:07 AM

To get back to the switch, option 2 should work fine. Make sure the radius is not reachable from the 6807 and then login local using the local username and password.

HTH

0 Helpful

paul driver
VIP
VIP

‎02-21-2018 06:37 AM

Hello

try

aaa new-model
aaa authentication login default group radius local
aaa authentication login CONSOLE local
aaa authorization console
aaa authorization exec CONSOLE local
aaa authorization commands 15 CONSOLE  local


line console 0
authorization commands 15 CONSOLE  ( interface specific)
authorization exec CONSOLE ( interface specific)
login authentication CONSOLE

 

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

dbuckley77
Level 1
Level 1
In response to paul driver

‎02-21-2018 11:00 AM

I can't try that because I can't get into priveledged exec or config mode.

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to dbuckley77

‎02-21-2018 11:08 AM

Correct., you have to be able to login first.  Try making sure that the 6800 can't reach the server.

0 Helpful

paul driver
VIP
VIP
In response to Reza Sharifi

‎02-21-2018 07:20 PM

Hello

As reza  suggested either try disconnecting the switch from reaching the radius server or if applicable as I’m not so sure on the 6500’s (usually only found in rtrs) do they have a auxiliary port you could try access 

 

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents