RE: Silly TACACs mistake

From: Brian Dennis (brian@labforge.com)
Date: Wed Apr 02 2003 - 18:09:44 GMT-3


Yes, rebooting the router and bypassing the configuration is an option if
the configuration was saved to NVRAM. If you didn't save the
configuration, just reloading it would work. Also, you could use SNMP to
change the router's configuration if you have SNMP configured on the
router.

The "enable secret" command is irrelevant to this issue.

Also, I assumed that this router doesn't have access to the TACACS server
as the commands aren't shown in your config.

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
Director of CCIE Training and Development - IPexpert, Inc.
Mailto: brian@ipexpert.net
Toll Free: 866.225.8064
Outside U.S. & Canada: 312.321.6924

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Brennan_Murphy@NAI.com
Sent: Wednesday, April 02, 2003 11:56 AM
To: ccielab@groupstudy.com
Subject: OT: Silly TACACs mistake

Suppose you placed this config on a router:

aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

and you forgot to include this:

username cisco password cisco

Is password recovery the only way to recover? What
if you also had this:

enable secret ciscosecret

?

thx,
bm
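
A pre-deployment check for the lockout discussed in this thread, as an added example that is not part of the original messages: it scans an IOS configuration for login method lists that name TACACS+ with no server defined, or fall back to "local" with no username present. The function names, the server address 192.0.2.10 and the "admin" user are constructed for illustration.

```python
import re

def login_methods(tokens):
    """Collapse 'group NAME' pairs so each entry is one authentication method."""
    out, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            out.append("group " + tokens[i + 1])
            i += 2
        else:
            out.append(tokens[i])
            i += 1
    return out

def audit_aaa(config):
    """Return (list_name, finding) pairs for login lists that can lock admins out."""
    lines = [l.strip() for l in config.splitlines()]
    if "aaa new-model" not in lines:
        return []  # AAA method lists are not in effect without this command
    has_user = any(re.match(r"username\s+\S+", l) for l in lines)
    has_server = any(re.match(r"(tacacs-server host|tacacs server)\s+\S+", l)
                     for l in lines)
    findings = []
    for l in lines:
        m = re.match(r"aaa authentication login\s+(\S+)\s+(.+)", l)
        if not m:
            continue
        name, methods = m.group(1), login_methods(m.group(2).split())
        if "group tacacs+" in methods and not has_server:
            findings.append((name, "no-tacacs-server"))
        if {"local", "local-case"} & set(methods) and not has_user:
            findings.append((name, "local-without-username"))
    return findings

# Constructed sample: the login list from the thread, with nothing else defined.
THREAD_CONFIG = """
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ none
"""

# Constructed sample: same list with a server and a local fallback account.
FIXED_CONFIG = THREAD_CONFIG + """
tacacs-server host 192.0.2.10
username admin secret EXAMPLE-ONLY
"""

if __name__ == "__main__":
    print(audit_aaa(THREAD_CONFIG))
    print(audit_aaa(FIXED_CONFIG))
```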


