From: Huizinga, Rene (rhuizinga@upcbroadband.com)
Date: Thu May 11 2006 - 19:20:29 ART
P.S.
Short emails have never been one of my qualities... ;)
-----Original Message-----
From: Huizinga, Rene
Sent: Friday, May 12, 2006 12:20 AM
To: 'Mohamed.N'; ccielab@groupstudy.com
Subject: RE: AAA password recovery for routers
Hi,
Quite simple:
- get console-access
- reload the router
- send a break in the startup-process (shortly after the first init-stage)
and you'll get into rommon-mode
- set the config-register to 0x41
- reload the router. It'll come back with the 'router' prompt and
unconfigured
- enable
- do a 'copy start run'
- check with a 'sh ip int brie' which interfaces you need un-shut, go to
config-mode and un-shut them
- modify the 'aaa authentication ...' line to what you want it to be
- exit the config-mode and do a 'sh run' to see what other default-settings
may be in there which you'd eventually want altered and modify them.
- set the config-register back to 0x2102 or whatever you'd want it to be as
default
- write the config
- reload the router and verify all is as wanted.
And 2 more things:
- Best practice here would be to define a local user as backup and set that
as fallback authentication-method. So in this case in global config:
'username xxx password xxx'
'aaa authentication login default tacacs local'
- If you have additionally authorisation enabled, also without fallback,
this method may still not work. Because after enabling and loading the
config from startup to running you'll have the router running authorisation
which will fail because there's no valid username to enter which would be
sent to the tacacs-server. All following commands would fail depending on
the config. In that case logging-out will give you the same issue, so make a
config-backup from startup in a notepad, make the mod's necessary and
copy&paste the config in parts over except the AAA-part first, do that
later. Or configure 1 interface for IP-connectivity and set your gateway if
necessary, TFTP the file over to a TFTP-server, modify the file and load it
back in. Don't forget again to un-shut the interfaces, setting the
config-register back, etc. Or alternatively load the file to nvram as new
startup-config, only adjust the config-register, do NOT write the config and
reload... ;)
Cya
Rene.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Mohamed.N
Sent: Thursday, May 11, 2006 11:42 PM
To: ccielab@groupstudy.com
Subject: AAA password recovery for routers
Hi All,
How to recover the password for a router which is configured to authenticate
users using AAA server locally ?
I have done a aaa configuration in our router and some mistake, I am unable
to login the router.
I tried google, but there are procedures for PIX, and not for router.
Pls help
Regards
Mohamed
This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:21 ART
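The fallback advice in the reply above can be checked before a config is ever written to a router. The following is an added example, not code from the thread: a small auditor that flags AAA method lists which depend entirely on a server, so an unreachable TACACS server cannot lock the console out. The function names and both sample configs are constructed for illustration; the fallback keyword sets are the standard IOS method names.

```python
import re
# Methods that still answer when no AAA server is reachable ('none' avoids lockout but admits anyone).
AUTHC_FALLBACK = {"local", "local-case", "enable", "line", "none"}
AUTHZ_FALLBACK = {"local", "if-authenticated", "none"}

def parse_methods(tokens):
    """Collapse 'group <name>' pairs so each entry is one method."""
    methods, i = [], 0
    while i < len(tokens):
        step = 2 if tokens[i] == "group" and i + 1 < len(tokens) else 1
        methods.append(" ".join(tokens[i:i + step]))
        i += step
    return methods

def audit_aaa(config):
    """Return findings for method lists that depend entirely on an AAA server."""
    findings = []
    has_user = bool(re.search(r"^\s*username \S+", config, re.M))
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["aaa", "authentication", "login"] and len(w) > 4:
            methods = set(parse_methods(w[4:]))
            if not methods & AUTHC_FALLBACK:
                findings.append(f"login list {w[3]}: no fallback method")
            elif methods & {"local", "local-case"} and not has_user:
                findings.append(f"login list {w[3]}: local fallback but no username")
        elif w[:2] == ["aaa", "authorization"] and len(w) > 4:
            # 'commands' carries a privilege level before the list name
            skip = 4 if w[2] == "commands" else 3
            methods = set(parse_methods(w[skip + 1:]))
            if methods and not methods & AUTHZ_FALLBACK:
                findings.append(f"authorization {' '.join(w[2:skip + 1])}: no fallback method")
    return findings

# Constructed sample configs (not from the original thread).
SERVER_ONLY = """\
aaa authentication login default group tacacs+
aaa authorization exec default group tacacs+
aaa authorization commands 15 default group tacacs+
"""
# The two lines quoted in the post, plus a constructed authorization list with fallback.
WITH_FALLBACK = """\
username xxx password xxx
aaa authentication login default tacacs local
aaa authorization exec default group tacacs+ if-authenticated
"""

if __name__ == "__main__":
    print(audit_aaa(SERVER_ONLY), audit_aaa(WITH_FALLBACK))
```
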