Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
435
Views
1
Helpful
6
Replies

No local user created after aaa configs applied and devices rebooted

Go to solution
sjulien80
Level 1
Level 1

‎03-16-2025 05:42 PM

Let say we are using IOS-XE image 17.16.1

We applied aaa-new model (tacas for user auth) configuration and we forgot to create local user account and password on the device, then we reload the device.

What are the rollback options:

Knowing that rommon mode with password recovery, boot from usb or tftp won't work.

Please let me know you though?

Thanks

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-17-2025 11:54 PM

Again, it depends on what configuration is applied to the devices. As long as you do not apply the configuration to the VTY and console, you are safe.

If you locked out, then you need to start from the beginning wiping the config.

refer configuration guide :

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-6/configuration_guide/sys_mgmt/b_176_sys_mgmt_9300_cg/troubleshooting_the_software_configuration.html?bookSearch=true#task_nzq_q4z_n1b

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Go to solution
sjulien80
Level 1
Level 1

‎03-20-2025 08:58 PM

Hi @balaji.bandi, good point. The answer is in the link you shared.

Ignore the startup configuration with the following command: from rommon : SWITCH_IGNORE_STARTUP_CFG=1

 

View solution in original post

0 Helpful
6 Replies 6

Go to solution
marce1000
Hall of Fame
Hall of Fame

‎03-17-2025 02:55 AM

 

 - What device model are you talking about ?

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
sjulien80
Level 1
Level 1
In response to marce1000

‎03-17-2025 10:14 PM

Hi Marce 

Catalyst 9500

But, let say Catalyst 9000 in general

0 Helpful

Go to solution
Joshqun Ismayilov
Level 1
Level 1

‎03-17-2025 04:29 AM

@sjulien80 
Try to connect via console during boot.

If prompted with setup dialog, answer "no" to avoid re-enabling AAA, then manually create a local user:

#enable
#configure terminal
#username admin secret <password>
#no aaa new-model ! Temporarily disable AAA
#write memory

Thanks!

0 Helpful

Go to solution
sjulien80
Level 1
Level 1
In response to Joshqun Ismayilov

‎03-17-2025 10:16 PM

@Joshqun Ismayilov 

Thanks for your reply, but it's not working that way.

You will never be able to access the device.

I already have the solution, but I want get the community involve.

It's little bit tricky and hidden

Thanks

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-17-2025 11:54 PM

Again, it depends on what configuration is applied to the devices. As long as you do not apply the configuration to the VTY and console, you are safe.

If you locked out, then you need to start from the beginning wiping the config.

refer configuration guide :

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-6/configuration_guide/sys_mgmt/b_176_sys_mgmt_9300_cg/troubleshooting_the_software_configuration.html?bookSearch=true#task_nzq_q4z_n1b

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
sjulien80
Level 1
Level 1

‎03-20-2025 08:58 PM

Hi @balaji.bandi, good point. The answer is in the link you shared.

Ignore the startup configuration with the following command: from rommon : SWITCH_IGNORE_STARTUP_CFG=1

 

0 Helpful
Customers Also Viewed These Support Documents
Top