
Cisco 8000 XR7 Password Locked out

mahdihabashi
Level 1

Hi guys, I have a Cisco 8102H series router with XR7.8.2 software. It seems that when I was configuring my AAA configuration I made a mistake, and my 8000 series router is giving me authorization failed. I know the local users' passwords with root privilege, but when I log in with them it still shows me authorization failed, even when I disconnect all cables, including mgmt, from it. How can I gain access to this device again?!
Also, I can log in to it when I connect mgmt with my ISE user/password, but it still sends me authorization fail...

Command authorization failed

7 Replies 7

@mahdihabashi 

If you did not configure any fallback to local user on TACACS failure, I believe you need to run the recovery procedure as described at the link below.

https://www.cisco.com/c/en/us/td/docs/iosxr/cisco8000/b-setup-and-upgrade-cisco8k/troubleshoot.html 

Hi dear Flavio,
I have root users on this router and I can log in with them in privileged mode, but when I try to go to configuration terminal it says authorization failed ... It seems I didn't configure any fallback to TACACS, because when I disconnect mgmt it still says authorization failed ...

mahdihabashi
Level 1

@Flavio Miranda and also I did not enable that system recovery on it ... How is it even possible that I can authenticate to the device using my local users but I can't get authorization ... What do you suggest, mate?

@mahdihabashi 

This is related to a misconfiguration of TACACS.

The device is being controlled by TACACS partially.

Yes, and the problem is that there is no password recovery mechanism on this router. The only way seems to be re-imaging the device.

Also, there is a command, system recovery, on these routers, but it is disabled by default, so you must enable it manually before this kind of incident happens.

decode.chr13
Level 1

@mahdihabashi 

If you didn't try so far, I would configure ISE to allow command authorization for any command for this device.

Otherwise, if you have the configuration saved, the other possibility is to turboboot the device and put back the config.

 

Hi dear, the problem is that the router is not sending RADIUS packets to my ISE, and it seems there is a misconfiguration there too!
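
The replies above come down to AAA method lists with no fallback after the remote server group. As an added example (not posted by anyone in this thread, and not Cisco's tooling), the sketch below checks a candidate config for that condition before it is committed. It assumes IOS XR-style `aaa authentication` / `aaa authorization` method-list lines; both sample configs and the function names are constructed for illustration.

```python
import re

# Constructed sample configs (not taken from the thread).
LOCKOUT_PRONE = """\
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+
aaa authorization commands default group tacacs+
"""
WITH_FALLBACK = """\
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands default group tacacs+ none
"""

# aaa <kind> <service> <list-name> <methods...>
AAA_LINE = re.compile(
    r"^\s*aaa\s+(authentication|authorization)\s+(\S+)\s+(\S+)\s+(.+?)\s*$"
)

def parse_methods(rest):
    """Split 'group tacacs+ local' into ['group tacacs+', 'local']."""
    tokens, methods, i = rest.split(), [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods

def lists_without_fallback(config):
    """Return method lists that contain only remote server groups.

    A later method is tried only when the earlier one gives no answer
    (server unreachable), not when the server explicitly denies.
    'none' as a fallback permits everything while the server is down,
    so treat it as a deliberate trade-off, not a default.
    """
    findings = []
    for line in config.splitlines():
        m = AAA_LINE.match(line)
        if not m:
            continue
        kind, service, name, rest = m.groups()
        methods = parse_methods(rest)
        if not any(x in ("local", "none") for x in methods):
            findings.append((kind, service, name, methods))
    return findings
```

Login authentication can carry a local fallback while exec and command authorization do not, which matches the symptom in the thread: local credentials are accepted, but every command returns authorization failed.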