RE: Silly TACACs mistake

From: Mark Newcomb (MNewcomb@wsgi.com)
Date: Wed Apr 02 2003 - 20:12:49 GMT-3


An alternative method (one I use all the time) is to telnet into the router
from a second PC or router and go into enable mode. Then, set up the config
from the first PC. Log off of the first PC and try to log back on. If you
cannot get access, use the second PC to fix the config.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Brant I. Stevens
Sent: Wednesday, April 02, 2003 1:48 PM
To: Brennan_Murphy@nai.com; ccielab@groupstudy.com
Subject: RE: Silly TACACs mistake

If you have SNMP Write communities set on the router, you could send a
Set to disable the aaa new-model... Not speaking from having to have
done that myself, or anything... ;)

SolarWinds is good for this, too...

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Brennan_Murphy@nai.com
Sent: Wednesday, April 02, 2003 2:56 PM
To: ccielab@groupstudy.com
Subject: OT: Silly TACACs mistake

Suppose you placed this config on a router:

aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

and you forgot to include this:

username cisco password cisco

Is password recovery the only way to recover? What
if you also had this:

enable secret ciscosecret

?

thx,
bm
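
Added example, not part of the original thread: a pre-deployment check that reads an IOS configuration and flags login method lists whose fallback cannot work, such as `local` with no `username` defined, which is the lockout described above. The function names and finding strings are hypothetical; the sample input is the configuration quoted in the thread.

```python
import re

# Constructed sample input: the configuration quoted in the thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ none
enable secret ciscosecret
"""

LOGIN_RE = re.compile(r"^aaa authentication login (\S+) (.+)$")


def login_methods(rest):
    """Split a method list into keywords, dropping 'group <name>' pairs."""
    tokens, methods, i = rest.split(), [], 0
    while i < len(tokens):
        if tokens[i] == "group":
            i += 2  # server group: depends on remote AAA servers
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def audit_login_fallback(config):
    """Return findings for login method lists whose fallback cannot work."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    if "aaa new-model" not in lines:
        return []  # AAA is not enabled, so the method lists are not in effect
    has_user = any(re.match(r"username \S+ ", ln) for ln in lines)
    has_enable = any(re.match(r"enable (secret|password) ", ln) for ln in lines)
    findings = []
    for ln in lines:
        m = LOGIN_RE.match(ln)
        if not m:
            continue
        name, methods = m.group(1), login_methods(m.group(2))
        if not methods:
            findings.append(f"{name}: no server-independent fallback method")
        if {"local", "local-case"} & set(methods) and not has_user:
            findings.append(f"{name}: 'local' is listed but no username is configured")
        if "enable" in methods and not has_enable:
            findings.append(f"{name}: 'enable' is listed but no enable secret is configured")
    return findings


if __name__ == "__main__":
    for finding in audit_login_fallback(SAMPLE_CONFIG):
        print(finding)
```

Running this against a candidate configuration before pasting it into the router reports the missing local user while the change can still be corrected offline.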


