Please Help: 3550 lab switch locked by radius server

dchen0999
Level 1

Hi All,

Any idea? After cleaning up all router and switch config files, sw3 still asks for a radius username and password.

When I log in on the console and use the 3550 password recovery procedure, it still asks for a username and password.

When I configure aaa new-model, no username is asked for; only the password cisco is typed in. (Please see the detailed config file below.)

Note: This is for CCIE R&S home lab rack.

==========

// radius server locks sw3

Access-Server#9

[Resuming connection 9 to sw3 ... ]

User Access Verification

Username:

Username: cisco

Password:

% Backup authentication

00:27:36: %RADIUS-4-RADIUS_DEAD: RADIUS server 150.100.1.254:1645,1646 is not responding.

00:27:36: %RADIUS-4-RADIUS_ALIVE: RADIUS server 150.100.1.254:1645,1646 has returned.

Username:

===========

sw3#sh run

Building configuration...

Current configuration : 4655 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname sw3

!

!

aaa new-model

aaa authentication dot1x default group radius

!

aaa session-id common

mls qos

ip subnet-zero

ip routing

no ip domain-lookup

!

!

!

!

!

!

dot1x system-auth-control

dot1x guest-vlan supplicant

no file verify auto

!

!

interface FastEthernet0/11

switchport mode access

dot1x pae authenticator

dot1x port-control auto

dot1x guest-vlan 999

dot1x auth-fail vlan 999

!

interface FastEthernet0/12

switchport mode access

dot1x pae authenticator

dot1x port-control auto

dot1x guest-vlan 999

dot1x auth-fail vlan 999

!

interface FastEthernet0/13

switchport mode access

dot1x pae authenticator

dot1x port-control auto

dot1x guest-vlan 999

dot1x auth-fail vlan 999

!

interface FastEthernet0/14

switchport mode access

dot1x pae authenticator

dot1x port-control auto

dot1x guest-vlan 999

dot1x auth-fail vlan 999

!

interface FastEthernet0/15

switchport mode access

dot1x pae authenticator

dot1x port-control auto

dot1x guest-vlan 999

dot1x auth-fail vlan 999

!

interface FastEthernet0/16

switchport mode access

dot1x pae authenticator

dot1x port-control auto

dot1x guest-vlan 999

dot1x auth-fail vlan 999

!

interface FastEthernet0/17

switchport mode access

dot1x pae authenticator

dot1x port-control auto

dot1x guest-vlan 999

dot1x auth-fail vlan 999

!

interface FastEthernet0/18

switchport mode access

dot1x pae authenticator

dot1x port-control auto

dot1x guest-vlan 999

dot1x auth-fail vlan 999

!

interface FastEthernet0/19

switchport mode dynamic desirable

channel-group 1 mode desirable

!

interface FastEthernet0/20

switchport mode dynamic desirable

channel-group 1 mode desirable

!

interface FastEthernet0/21

switchport mode dynamic desirable

!

interface FastEthernet0/22

switchport mode dynamic desirable

!

interface FastEthernet0/23

switchport mode dynamic desirable

channel-group 2 mode desirable

!

interface FastEthernet0/24

switchport mode dynamic desirable

channel-group 2 mode desirable

!

interface GigabitEthernet0/1

switchport mode dynamic desirable

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

!

interface Vlan1

no ip address

shutdown

!

ip classless

ip http server

ip http secure-server

!

radius-server host 150.100.1.254 auth-port 1645 acct-port 1646

radius-server source-ports 1645-1646

radius-server key cisco

5 Replies 5

Jerry Ye
Cisco Employee

Have you used no aaa new-model

or

del flash:/config.text?

no aaa new-model should remove the authentication and del flash:/config.text should wipe the switch clean except the VLAN database.

Regards,

jerry

dchen0999
Level 1

I tried to do password recovery per the Cisco doc, but the config.text file is missing from the flash dir:

switch: dir flash:

Directory of flash:/

2 -rwx 5276 syslog

3 -rwx 0 env_vars

4 -rwx 7131928 c3550-ipservicesk9-mz.122-25.SEE.bin

5 drwx 64 crashinfo

24 -rwx 326 system_env_vars

7 drwx 192 c3550-i9q3l2-mz.121-13.EA1a

26 -rwx 24 private-config.text

If you reboot at this point, the switch should come up clean. Do you need to keep your config? Also, I see your cross post to the other forum. I will jump on the other one and consolidate the answer at one place.

Regards,

jerry

Thanks Jerry.

BTW: rebooting sw won't help.

// this is fixed, per this doc:

https://www.cisco.com/en/US/products/hw/switches/ps628/products_password_recovery09186a0080094184.shtml

Note: I need to rename "private-config.text" in my sw flash dir for config.text.
