Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
290
Views
0
Helpful
3
Replies

aaa new-model lockout danger

tedauction
Level 1
Level 1

‎06-19-2018 04:59 PM - edited ‎03-08-2019 03:24 PM

Hello, my situation is that  have switches with no enable password configured i.e. simply a username and password.

If I enter the command 'aaa new-model' and do not have the command "aaa authorization exec default local if-authenticated" configured then am I going to be locked out of privileged mode ? i.e .will I have to reset the switch to get back to this level of access ?

Labels:
0 Helpful
3 Replies 3

Reza Sharifi
Hall of Fame
Hall of Fame

‎06-19-2018 05:31 PM

If you get locked out of the switch, you have to do a password recovery and reboot possibly multiple times to reset the password.  If these switches are in production, the password recovery procedure will cause downtime.  So, please make sure you don't get locked out.

HTH  

0 Helpful

tedauction
Level 1
Level 1
In response to Reza Sharifi

‎06-19-2018 05:46 PM

Thank you. I wanted to confirm if the following is correct ?

 

If I enter the command 'aaa new-model' and do not have the command "aaa authorization exec default local if-authenticated" configured then am I going to be locked out of privileged mode ?

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to tedauction

‎06-19-2018 06:08 PM

Have a look at this link. The function of that command is explained really well by Rick.

https://supportforums.cisco.com/t5/aaa-identity-and-nac/if-authenticated/td-p/1248124

HTH

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card