RE: Silly TACACs mistake

From: Brant I. Stevens (branto@myrealbox.com)
Date: Wed Apr 02 2003 - 18:48:07 GMT-3

• Next message: Ram Shummoogum: "BGP AS removal"
• Previous message: Brennan_Murphy@NAI.com: "RE: Silly TACACs mistake"
• Maybe in reply to: Brian Dennis: "RE: Silly TACACs mistake"
• Next in thread: Pratt, Jeremy: "RE: Silly TACACs mistake"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

If you have SNMP Write communities set on the router, you could send a
Set to disable the aaa-new model... Not speaking from having to have
done that myself, or anything... ;)

SolarWinds is good for this, too...

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Brennan_Murphy@nai.com
Sent: Wednesday, April 02, 2003 2:56 PM
To: ccielab@groupstudy.com
Subject: OT: Silly TACACs mistake

Suppose you placed this config on a router:

aa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

and you forgot to include this:

username cisco password cisco

Is password recovery the only way to recover? What
if you also had this:

enable secret ciscosecret

?

thx,
bm

• Next message: Ram Shummoogum: "BGP AS removal"
• Previous message: Brennan_Murphy@NAI.com: "RE: Silly TACACs mistake"
• Maybe in reply to: Brian Dennis: "RE: Silly TACACs mistake"
• Next in thread: Pratt, Jeremy: "RE: Silly TACACs mistake"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:35:45 GMT-3