From: Rick Mur (rickmur@me.com)
Date: Tue Aug 26 2008 - 16:58:35 ART
You screwed up the authentication for enabled mode :-)
Because you only specified the tacacs+ way of authenticating on the
enable command it will never try something else. So because their is
no tacacs+ server it will never allow you to type the password.
The only solution is that I hope you didn't save your config so you
can powercycle it. Else you'll have to do a password recovery.
To not have this problem the next time, you could specify a enable
password or enable secret and type:
aaa authentication default group tacacs+ enable
When the tacacs server is not available it will automatically fall
back to the enable password or secret.
Rick
On 26 aug 2008, at 12:33, Jack Tsai wrote:
> After messing up my router with the aaa commands, now I get this:
> 2811-5>en
> % Error in authentication.
>
> Console or vty connection gave me the same error.
>
> The last modification was like this:
> ----------------------------------------------------------------
> aaa new-model
> !
> !
> aaa group server tacacs+ rrr
> server 1.1.1.1
> !
> aaa authentication enable default group rrr group tacacs+
> !
> aaa session-id common
> ----------------------------------------------------------------
>
> where, 1.1.1.1 does not exist. There is no route to that address.
>
>
> Any idea what caused the problem?
>
> Thanks,
> Jack
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:32 ART