Re: HELP - I locked myself after enabling aaa new-model ...

From: Huzefa (ratlamwala.huzefa@gmail.com)
Date: Sun Sep 14 2008 - 09:56:54 ART

• Next message: Huan Pham: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Previous message: Huan Pham: "HELP - I locked myself after enabling aaa new-model ..."
• Maybe in reply to: Huan Pham: "HELP - I locked myself after enabling aaa new-model ..."
• Next in thread: Huan Pham: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Huan
You can always try 'Breaking' the password on any Cisco box, check out the
Configuration Guide for more details.

On Sun, Sep 14, 2008 at 3:49 PM, Huan Pham <pnhuan@yahoo.com> wrote:

> .... using Brian Dennis's COD recommended approach and configuration ;-)
>
>
> Here's the config.
>
> aaa new-model
> aaa authentication login VTY_LINE line
> line vty 0 15
> password cisco
> login authentication VTY_LINE
>
>
> I tried this config on both 3560 and 3550, ending up with the same problem
> as described above.
>
> I applied the same config on a 3640 router, it worked the way I expected,
> i.e. I was able to log on using a password (without username). If I removed
> the vty command "login authentication VTY_LINE", I was unable to telnet to
> the router, also as I expected.
>
> Maybe the IOS version I used for my switches has a bug, or I am missing
> something basic here. Help appreciated.
>
>
> Huan
>
>
>
>
> RSRack1SW3#sh ver | in IOS
> Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version
> 12.2(44)SE, RELEASE SOFTWARE (fc1)
>
> RSRack1SW2#sh ver | in IOS
> Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version
> 12.2(44)SE, RELEASE SOFTWARE (fc1)
>
> RSRack1SW2#sh run | in aaa
> aaa new-model
> aaa authentication login VTY_LINE line
> aaa session-id common
>
> RSRack1SW2#sh run | b line vty
> line vty 0 4
> password cisco
> login authentication VTY_LINE
> line vty 5 15
> password cisco
> login authentication VTY_LINE
> !
> end
>
> RSRack1SW2#sh ip int brief | in Loop
> Loopback0 150.1.8.8 YES NVRAM up up
> RSRack1SW2#telnet 150.1.8.8
> Trying 150.1.8.8 ... Open
>
>
> ! -_- NO LOGIN PROMPT -_-
>
>
>
>
>
>
> RSRack1R3#c
> Enter configuration commands, one per line. End with CNTL/Z.
> RSRack1R3(config)#aaa new-model
> RSRack1R3(config)#aaa authentication login VTY_LINE line
> RSRack1R3(config)#line vty 0 15
> RSRack1R3(config-line)# password cisco
> RSRack1R3(config-line)# login authentication VTY_LINE
> RSRack1R3(config-line)#
> RSRack1R3(config-line)#
> RSRack1R3#t
> *Mar 1 17:10:57.675: %SYS-5-CONFIG_I: Configured from console by console
> RSRack1R3#telnet 150.1.3.3
> Trying 150.1.3.3 ... Open
>
>
> User Access Verification
>
> Password:
>
> RSRack1R3#sh ver | in IOS
> Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(5a),
> RELEASE SOFTWARE (fc3)
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Huan Pham: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Previous message: Huan Pham: "HELP - I locked myself after enabling aaa new-model ..."
• Maybe in reply to: Huan Pham: "HELP - I locked myself after enabling aaa new-model ..."
• Next in thread: Huan Pham: "Re: HELP - I locked myself after enabling aaa new-model ..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:18 ART