10-05-2009 12:18 PM - edited 03-06-2019 08:00 AM
Hi All,
Any idea? After cleaning up all router and switch config files, sw3 still asks for a RADIUS username and password.
When logging in on the console and using the 3550 password recovery procedure, it still asks for a username and password.
When configuring aaa new-model, no username is asked; only the password cisco is typed in. (Please see the detailed config file below.)
Note: This is for a CCIE R&S home lab rack.
==========
// radius server locks sw3
Access-Server#9
[Resuming connection 9 to sw3 ... ]
User Access Verification
Username:
Username: cisco
Password:
% Backup authentication
00:27:36: %RADIUS-4-RADIUS_DEAD: RADIUS server 150.100.1.254:1645,1646 is not responding.
00:27:36: %RADIUS-4-RADIUS_ALIVE: RADIUS server 150.100.1.254:1645,1646 has returned.
Username:
===========
sw3#sh run
Building configuration...
Current configuration : 4655 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sw3
!
!
aaa new-model
aaa authentication dot1x default group radius
!
aaa session-id common
mls qos
ip subnet-zero
ip routing
no ip domain-lookup
!
!
!
!
!
!
dot1x system-auth-control
dot1x guest-vlan supplicant
no file verify auto
!
!
interface FastEthernet0/11
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x guest-vlan 999
dot1x auth-fail vlan 999
!
interface FastEthernet0/12
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x guest-vlan 999
dot1x auth-fail vlan 999
!
interface FastEthernet0/13
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x guest-vlan 999
dot1x auth-fail vlan 999
!
interface FastEthernet0/14
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x guest-vlan 999
dot1x auth-fail vlan 999
!
interface FastEthernet0/15
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x guest-vlan 999
dot1x auth-fail vlan 999
!
interface FastEthernet0/16
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x guest-vlan 999
dot1x auth-fail vlan 999
!
interface FastEthernet0/17
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x guest-vlan 999
dot1x auth-fail vlan 999
!
interface FastEthernet0/18
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x guest-vlan 999
dot1x auth-fail vlan 999
!
interface FastEthernet0/19
switchport mode dynamic desirable
channel-group 1 mode desirable
!
interface FastEthernet0/20
switchport mode dynamic desirable
channel-group 1 mode desirable
!
interface FastEthernet0/21
switchport mode dynamic desirable
!
interface FastEthernet0/22
switchport mode dynamic desirable
!
interface FastEthernet0/23
switchport mode dynamic desirable
channel-group 2 mode desirable
!
interface FastEthernet0/24
switchport mode dynamic desirable
channel-group 2 mode desirable
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip http server
ip http secure-server
!
radius-server host 150.100.1.254 auth-port 1645 acct-port 1646
radius-server source-ports 1645-1646
radius-server key cisco
10-05-2009 12:23 PM
Have you used no aaa new-model
or
del flash:/config.text?
no aaa new-model should remove the authentication and del flash:/config.text should wipe the switch clean except the VLAN database.
Regards,
jerry
10-05-2009 02:08 PM
Tried to do password recovery per the Cisco doc, but the config.text file is missing from the flash dir:
switch: dir flash:
Directory of flash:/
2 -rwx 5276
3 -rwx 0
4 -rwx 7131928
5 drwx 64
24 -rwx 326
7 drwx 192
26 -rwx 24
10-05-2009 02:52 PM
If you reboot at this point, the switch should come up clean. Do you need to keep your config? Also, I see your cross post to the other forum. I will jump on the other one and consolidate the answer in one place.
Regards,
jerry
10-05-2009 02:56 PM
Thanks Jerry.
BTW: rebooting sw won't help.
// this is fixed, per this doc:
Note: I need to rename "private-config.text" in my sw flash dir for config.text.
10-05-2009 02:53 PM
// this is fixed, per this doc: https://www.cisco.com/en/US/products/hw/switches/ps628/products_password_recovery09186a0080094184.shtml
Note: I need to rename "private-config.text" in my sw flash dir for config.text.