Not able to get to enable mode

prabhatei7 · ‎09-30-2020

Hello all,

Hope you are safe & secure in this pandemic.

I would like to know if there is any way we can bypass enable mode after configuring tacacs+.

I will try to explain in details, I have configured tacacs+ on my switches and configuration is working fine and all switches are authenticating properly until one of the switches now requesting for enable password.

NOTE: BELOW CONFIG IS AFTER IMPLEMENTING TACACS+ AND NOW I'M NOT ABLE TO GET TO ENABLE MODE. BEFORE IMPLEMENTING TACACS+ IT WASNT ASKING FOR ENABLE PASSWORD BUT NOW IT IS ASKING.

Hostname: $(hostname)
*********************************WARNING************************************
* Access to this system is strictly restricted to authorised persons *
* Any violation is prohibited and will be prosecuted *
****************************************************************************
Using keyboard-interactive authentication.
Password:

Welcome to mllswr01

mllswr01>en
Password:
% Access denied

mllswr01>enable
Password:
% Access denied

mllswr01>
mllswr01>

Below is my tacacs+ config

aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting commands 15 default start-stop group tacacs+
tacacs-server host 10.XX.XX.XX
tacacs-server directed-request
tacacs-server key testkey123

So as this switch is not accessible physically as we dont have anyone available to reboot the switch, without reboot is there any way I can get to enable mode so that I can remove my tacacs+ config.

prabhatei7 · ‎10-06-2020

Any help would be appreciated.