From: Mohamed.N (mohamed_n@sifycorp.com)
Date: Thu May 11 2006 - 19:42:27 ART
I was under the impression that password recovery for a router when aaa is enabled
is diff..
Troubleshooting in early morning 3.30 will be like this, pls excuse.
Rgds
Mohamed.
----- Original Message -----
From: "Huizinga, Rene" <rhuizinga@upcbroadband.com>
To: "'Mohamed.N'" <mohamed_n@sifycorp.com>; <ccielab@groupstudy.com>
Sent: Friday, May 12, 2006 3:50 AM
Subject: RE: AAA password recovery for routers
> P.S.
>
> Short emails have never been one of my qualities... ;)
>
> -----Original Message-----
> From: Huizinga, Rene
> Sent: Friday, May 12, 2006 12:20 AM
> To: 'Mohamed.N'; ccielab@groupstudy.com
> Subject: RE: AAA password recovery for routers
>
> Hi,
>
>
> Quite simple:
>
> - get console-access
> - reload the router
> - send a break in the startup-process (shortly after the first init-stage)
> and you'll get into rommon-mode
> - set the config-register to 0x41
> - reload the router. It'll come back with the 'router' prompt and
> unconfigured
> - enable
> - do a 'copy start run'
> - check with a 'sh ip int brie' which interfaces you need un-shut, go to
> config-mode and un-shut them
> - modify the 'aaa authentication ...' line to what you want it to be
> - exit the config-mode and do a 'sh run' to see what other default-settings
> may be in there which you'd event. want altered and modify them.
> - set the config-register back to 0x2102 or whatever you'd want it to be as
> default
> - write the config
> - reload the router and verify all is as wanted.
>
> And 2 more things:
>
> - Best practice here would be to define a local user as backup and set that
> as fallback authentication-method. So in this case in global config:
> 'username xxx password xxx'
> 'aaa authentication login default tacacs local'
>
> - If you have additionally authorisation enabled, also without fallback,
> this method may still not work. Because after enabling and loading the
> config from startup to running you'll have the router running authorisation
> which will fail because there's no valid username to enter which would be
> sent to the tacacs-server. All following commands would fail depending on
> the config. In that case logging-out will give you the same issue, so make a
> config-backup from startup in a notepad, make the mod's necessary and
> copy&paste the config in parts over except the AAA-part first, do that
> later. Or configure 1 interface for IP-connectivity and set your gateway if
> necessary, TFTP the file over to a TFTP-server, modify the file and load it
> back in. Don't forget again to un-shut the interfaces, setting the
> config-register back, etc. Or alternatively load the file to nvram as new
> startup-config, only adjust the config-register, do NOT write the config and
> reload... ;)
>
>
> Cya
>
> Rene.
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Mohamed.N
> Sent: Thursday, May 11, 2006 11:42 PM
> To: ccielab@groupstudy.com
> Subject: AAA password recovery for routers
>
> Hi All,
>
> How to recover the password for a router which is configured to authenticate
> users using AAA server locally ?
>
> I have done an aaa configuration in our router and made some mistake, I am unable
> to login the router.
> I tried google, but there are procedures for PIX, and not for router.
> Pls help
>
> Regards
> Mohamed
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:21 ART
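
The two closing points in Rene's reply (a local user as fallback, and authorisation lists without fallback), as an added example that is not part of the original thread: a small Python check run over saved IOS config text before it is written to the router. The sample configs are constructed, `audit_aaa` is a hypothetical name, and the method keyword sets are a simplifying assumption.

```python
import re

# Constructed sample configs; RECOMMENDED uses the two lines quoted in the thread.
LOCKED_OUT = """aaa new-model
aaa authentication login default tacacs
aaa authorization exec default tacacs
"""
RECOMMENDED = """aaa new-model
username xxx password xxx
aaa authentication login default tacacs local
"""

# Assumption: methods that need a reachable AAA server ('group tacacs+' form included).
REMOTE = {"tacacs", "tacacs+", "radius", "group"}
# Assumption: methods that still answer when no server does.
FALLBACK = {"local", "enable", "line", "none", "if-authenticated"}
LIST_RE = re.compile(
    r"aaa (authentication login|authorization \S+(?: \d+)?) (\S+) (.+)")

def audit_aaa(config):
    """Return findings for method lists that fail closed when the server is down."""
    findings, has_user, uses_local = [], False, False
    for line in map(str.strip, config.splitlines()):
        if re.match(r"username \S+ .*\b(password|secret)\b", line):
            has_user = True
            continue
        m = LIST_RE.match(line)
        if not m:
            continue
        kind, name, methods = m.group(1), m.group(2), set(m.group(3).split())
        uses_local |= "local" in methods
        # Server-only list: authentication or authorisation has nothing to fall back to.
        if methods & REMOTE and not methods & FALLBACK:
            findings.append(f"{kind} list '{name}': server-only, no fallback method")
    # 'local' as fallback is useless without a local account to log in with.
    if uses_local and not has_user:
        findings.append("method 'local' is used but no 'username' is defined")
    return findings

if __name__ == "__main__":
    for label, cfg in (("locked-out", LOCKED_OUT), ("recommended", RECOMMENDED)):
        print(label, audit_aaa(cfg) or "ok")
```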