Cisco router 3800 hub .. enable password not configure
Dear All,
Please help me, what do I do?
When I configured the enable password with the command Router(config)#enable password xyz
then the password is not set; the same is the case with the secret password.
Please tell me the problem and what the solution for that is.
Hi,
Not sure if I understand your question. If you assigned a password using "enable password xyz",
you can see the password if you issue "sh run"; you can then change the password to whatever you want.
Maybe you can clarify what you are trying to do.
HTH
Similar Messages
-
Configure a Cisco router with Username and Password.
Hello Guys,
I am quite new to Cisco and I need to configure an 891 Cisco router. Can someone please show me step-by-step configuration commands for configuring Username and Secret Password? I would like the router to ask for "Username" and "Password" any time I want to log in to the router through telnet. I also want to know if I have to erase the default configurations on the router first, before I start the configuration, and how it should be done in order not to lose the router while working on it. Thanks for your usual quick responses.
Regards,
Eben.
Hello Eben,
Peter has suggested using SSH because telnet data is sent in clear text, so someone with the right tools could easily find your password and your device could/would be compromised. It is security best practice. SSH is encrypted.
Technically speaking you do not need to change the hostname / domain name. But the majority of Cisco documentation follows this method.
In case you are interested in how to do this without the change... see below.
Router(config)#
Router(config)#crypto key generate rsa modulus 1024
% Please define a hostname other than Router.
Router(config)#crypto key generate rsa modulus 1024 label CISCO
The name for the keys will be: CISCO
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Router(config)#
*Jul 11 13:27:51.431: %SSH-5-ENABLED: SSH 1.99 has been enabled
Router(config)#
In the normal case, just as shown in Cisco documentation, the parser (without a label on the crypto key) would force us to change the hostname and create a domain name. I think the domain name is there to put a label on the keys.
Router(config)#crypto key generate rsa general-keys modulus 1024
% Please define a hostname other than Router.
Router(config)#crypto key generate rsa
% Please define a hostname other than Router.
Router(config)#hos
Router(config)#hostname ISR
lexnetISR(config)#crypto key generate rsa general-keys modulus 1024
% Please define a domain-name first.
ISR(config)#ip domain name net.com
ISR(config)#exit
ISR(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: ISR.net.com
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
-
Cisco 1130 ag - The system is not configured to boot automatically
I have a problem on a 1131ag access point: on recycle it stops and makes me manually type BOOT at the ap: prompt
----------VVVVVVVVVVVVV----------------
ap: Xmodem file system is available.
flashfs[0]: 282 files, 13 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 9497088
flashfs[0]: Bytes available: 6501888
flashfs[0]: flashfs fsck took 33 seconds.
Base ethernet MAC Address: 00:12:d9:2b:39:0c
Initializing ethernet port 0...
Reset ethernet port 0...
Reset done!
ethernet link up, 100 mbps, full-duplex
Ethernet port 0 initialized: link is up
The system is not configured to boot automatically. The
following command will finish loading the operating system
software:
boot
C1130 Boot Loader (C1130-BOOT-M) Version 12.3(2)JA, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Compiled Mon 08-Nov-04 12:40 by ccai
[I have to type "boot" here to load system]
ap: boot
Loading "flash:/c1130-k9w7-mx.123-7.JA4/c1130-k9w7-mx.123-7.JA4"...#############
File "flash:/c1130-k9w7-mx.123-7.JA4/c1130-k9w7-mx.123-7.JA4" uncompressed and 0
executing...
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C1130 Software (C1130-K9W7-M), Version 12.3(7)JA4, RELEASE )
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Tue 05-Sep-06 14:14 by alnguyen
Image text-base: 0x00003000, data-base: 0x00683F60
Initializing flashfs...
flashfs[1]: 282 files, 13 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 15998976
flashfs[1]: Bytes used: 9497088
flashfs[1]: Bytes available: 6501888
flashfs[1]: flashfs fsck took 4 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.
[Legal notes removed]
cisco AIR-AP1131AG-A-K9 (PowerPCElvis) processor (revision B0) with 24566K/8.
Processor board ID FOC08514JMF
PowerPCElvis CPU at 262Mhz, revision number 0x0950
Last reset from power-on
1 FastEthernet interface
2 802.11 Radio(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:12:D9:2B:39:0C
Part Number : 73-8962-06
PCA Assembly Number : 800-24818-06
PCA Revision Number : B0
PCB Serial Number : FOC08514JMF
Top Assembly Part Number : 800-25544-01
Top Assembly Serial Number : FTX0909T049
Top Revision Number : A0
Product/Model Number : AIR-AP1131AG-A-K9
-----------^^^^^^^^^^^^------------------
I have already performed the ap: set BOOT etc commands a dozen times with the same results.
It says: The system is not configured to boot automatically.
I've been trying to get this one going for 4 months now. It was knocked out during a power outage while upgrading it. I didn't know how to get to global configuration mode - I did manage to get there with a bit of guesswork.
You use AP: Boot
Let it go through the boot process, then at the AP> prompt, [enable] privileged command set, type in password.
At AP# prompt type [config] then press enter for [terminal]. At AP#[config] type NO BOOT MANUAL, press [Enter] key and reboot AP.
Question... Do I have to use a WRITE command to write the configuration to CMOS?
I did, just to play it safe.
-
ASA5510 Enable password not working
Hi all,
I have a problem with an ASA5510 (8.0.4) firewall in South Africa (I'm in the UK).
It's a replacement firewall that I am trying to configure remotely through a serial device with an internet facing connection, but the enable password is not working.
I can connect to the device OK, type 'en' and when prompted for the password, whatever I use (blank, cisco, Cisco etc.) I get an 'invalid password' message.
Does anyone know how I can recover this remotely, if that is possible?
Thanks
Alex
Hi,
Thanks for your reply.
Unfortunately, I have not configured aaa authentication - this is a replacement box with no config on it yet.
Is there anything else I can try?
Many thanks
Alex
-
Issue:
Cisco firewalls require only one level of password i.e. the domain username and password are used for both logging in as well as reaching global configuration mode.
Background:
We have multiple Cisco network devices set up which authenticate to our Windows domain controller using NPS (Windows 2008 R2). The switches we have set up all function exactly as we would hope as they require your domain username and password to login to the device. They then require a separate password when you use the enable command, this is stored in Active Directory:
Switches:
Username:domain-username
Password:domain-password
SWITCH>enable
Password:enable-password-in-Active-Directory
SWITCH#
Firewalls (as they currently are):
Username:domain-username
Password:domain-password
FIREWALL>enable
Password:domain-password
FIREWALL #
With the firewalls however, they require your domain username and password first, and then your domain password again when using the enable command. I want the firewalls to use the enable level password that the switches currently use instead of the domain password again. The current configuration looks like the following:
Current switch configuration:
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius enable
aaa authorization exec default group radius local
aaa session-id common
radius-server host 192.168.0.1 auth-port 1645 acct-port 1646
radius-server source-ports 1645-1646
radius-server key 7 1234abcd
Current firewall configuration:
aaa-server DC01 protocol radius
aaa-server DC01 (outside) host 192.168.0.1
aaa authentication ssh console DC01 LOCAL
aaa authentication enable console DC01 LOCAL
key 1234abcd
Any help would be great, thanks!
Cisco ASA works that way by design. You could remove "aaa authentication enable" and then you could use the "enable password" command to set your enable password.
But if you do that, then ASA would change your username to "enable_15". That would break Authorization and Accounting if you're using them. Let me clarify with an example:
Firewalls :
Username:domain-username
Password:domain-password
FIREWALL>show curpriv
Username : domain-username
Current privilege level : 1
Current Mode/s : P_UNPR
FIREWALL>enable
Password:enable-password-from-running-config
FIREWALL #show curpriv
Username : enable_15
Current privilege level : 15
Current Mode/s : P_PRIV
If you're using Authorization and Accounting it's recommended to stick with your current behavior.
-
Internal Mail Routing Between HUB servers Is Not Working Correctly
Howdy, Been scratching my head on this one for a while.
First off, running Exchange 2010 Sp3 RU5 across the board.
I have attached a diagram of our environment for visual aid. Please take a look as it makes more sense.
I have drawn the correct mail flow in black and what is happening in red.
Forest A Site A, has a dedicated edge, dedicated Hub and dedicated CAS
Forest A Site A child domain 1, has a multi-roled MBX,HUB,CAS
Forest A Site B child domain 2, has a multi-roled MBX,HUB,CAS
Forest B Site C, has a multi-roled MBX,HUB,CAS
Mail flows TO child domain 2 just fine, but outgoing mail from that same domain keeps routing through HUB in child domain 1 instead of HUB in forest root domain.
The send connector for the organization in Forest A is configured to only send through the dedicated HUB server in Forest A. The Receive connector in Forest A's HUB is also configured correctly. But no matter what I do, mail outgoing from child domain 2 continues to flow to child domain 1 instead of through the dedicated HUB server.
Mail needs to flow so for now i added the HUB in child domain 1 as a source server in the organization's send connector and set up the receive connector in child domain 1 to allow a work around for now.
I think this is an issue in the routing group connector but it's just a guess. Any ideas?
Hi,
Active Directory IP site link costs are based on relative network speed compared to all network connections in the WAN and are designed to produce a reliable and efficient replication topology. Therefore, in most cases, the existing IP site link costs should work well for Exchange 2010 message routing. However, if after documenting the existing Active Directory site and IP site link topology, you verify that the Active Directory IP site link costs and traffic flow patterns aren't optimal for Exchange 2010, you can make adjustments to the costs evaluated by Exchange.
You can use the Set-AdSiteLink cmdlet to assign an Exchange-specific cost to an Active Directory IP site link.
For more details, refer to the following articles:
Controlling IP Site Link Costs
Set-AdSiteLink
Hope this helps!
Thanks.
Niko Cheng
TechNet Community Support
-
Hi all,
I was able to install the Cisco Prime 9.0 assurance
I am entering the correct username and password, but still I am not able to log in to the web admin page.
How do I reset the password and log in to the web admin console?
Please help... urgent...
Rgds,
Rebecca....
Thanks Rob so much
Yes, I booted the NCS from the DVD and installed the applications.
Now I have two NCS appliances, one is running PI 1.2 and the other LMS 4.2.
-
How can i get the password of Cisco router ?
I forgot my Cisco router user name and password. Can anyone help me to reset the Cisco router password? Thanks.
Many routers can have a master reset done to them by finding the little hole/button on the back of the device and holding it down with your finger/a pen or something and counting to about 30. From there you will need to research what the default master password/username is to enter the gateway.
I am not affiliated with Best Buy nor have I ever been employed by Best Buy. All of my thoughts and posts are of my own opinion and personal experience.
I may not always know the right answer, but I will always tell you what I do know. I also do free computer analysis and consultation via private message.
-
Hi all,
I hope this is the correct area to post.
I am doing my CCNA and want to overcome a small problem.
When trying to 'telnet' into my 2610 router I get the
'Password not Set' message and am then disconnected.
I did see a mention of this among the pages and pages of the Cisco support area.
The ping is successful, and I do get the banner MOTD shown as I telnet in.
So suggestions please, and have I posted enough info?
regards
c
Hi
You can get onto the router via console port and configure the password for the same under the line vty 0 4 which will set the telnet password for the router.
line vty 0 4
password cisco
Also do check whether you have configured either enable password or secret to get the privileged access to configure the router.
regds
-
Tacacs+ Authenticating the Enable Password
I have the following configuration on my switch and it works correctly:
aaa group server tacacs+ tacacs_serv
server 192.168.70.20
aaa authentication login tac_auth group tacacs_serv local
line vty 0 15
login authentication tac_auth
transport input ssh
The configuration above works correctly, my username/pwd are authenticated via Tacacs+ and the "enable" password is confirmed via the local database on the switch.
When I make the following changes, attempting to have Tacacs validate the username/pwd as well as the "enable" password, I cannot log into the switch at all.
aaa group server tacacs+ tacacs_serv
server 192.168.70.20
aaa authentication login default group tacacs_serv local
aaa authentication enable default group tacacs_serv enable
line vty 0 15
login authentication default
transport input ssh
The switch is running 12.2(44)SE6. The username/pwd are in the local database of the Linux server. The Enable password is configured in two places within the tac_plus.conf file:
host = 192.168.70.15 {
prompt = "Enter your Username and Password. Username: "
enable = cleartext "password"
AND
user = $enab15$ {
login = cleartext "password"
Any help would be appreciated.
Thanks
I added the priv-lvl to enable15:
user = $enabl15$ {
login = cleartext 802.11boingo
priv-lvl = 15
It is also in the testuser config:
user = testuser {
login = PAM
member = admin
service = exec
priv-lvl = 15
It is also in the group config:
group = admin {
# group members who don't have their own login password will be
# looked up in /etc/passwd
#login = file /etc/passwd
login = PAM
# group members who have no expiry date set will use this one
#expires = "Jan 1 1997"
# only allow access to specific routers
acl = default
# Needed for the router to make commands available to user (subject
# to authorization if so configured on the router
service = exec {
priv-lvl = 15
#default service = permit
Below is the latest debug:
CCG-WLA-TEST-SWT-1>ena
Password:
Dec 10 16:06:45.755: AAA: parse name=tty0 idb type=-1 tty=-1
Dec 10 16:06:45.755: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
Dec 10 16:06:45.755: AAA/MEMORY: create_user (0x1F3CB4C) user='testuser' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
Dec 10 16:06:45.755: AAA/AUTHEN/START (3173866470): port='tty0' list='' action=LOGIN service=ENABLE
Dec 10 16:06:45.755: AAA/AUTHEN/START (3173866470): using "default" list
Dec 10 16:06:45.755: AAA/AUTHEN/START (3173866470): Method=tacacs_serv (tacacs+)
Dec 10 16:06:45.755: TAC+: send AUTHEN/START packet ver=192 id=-1121100826
Dec 10 16:06:46.057: TAC+: ver=192 id=-1121100826 received AUTHEN status = GETPASS
Dec 10 16:06:46.057: AAA/AUTHEN (3173866470): status = GETPASS
% Error in authentication.
-
Cisco router + SSH ?
Does a Cisco router support SSH? How to configure?
Cisco routers support SSH. However, you need to have an IPSEC encryption image running on the router. Configuring SSH on a router is a simple process.
Use this link to configure SSH:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7d5.html#wp1007881
HTH
Sundar
-
Tacacs+ Enable password is not working on Cisco Switch
Ladies/Gents,
I am facing issues when enabling tacacs authentication on my cisco switch, aaa login/password is working, aaa enable is not. Underneath details of my devices.
Cisco ACS 1121: version 5.1
Cisco Switch 3560: ios ver 15
I also attached here some documents for your review and comment (switch aaa configuration, debug aaa authentication, acs captured screen)
Hoping to receive an update and comment from you soon.
Thanks,
Arnold
Hi Edward,
I created a new shell profile named "root", as the default one "Permit Access" can't be accessed or modified. Underneath are the steps I've made.
1. Create a new shell profile named "root" with max privilege of 15, and then use it in the "Default Device Admin/Authorization/Rule-1" shell profile - see attached file for more details.
2. Telnet to the switch and then issue "debug aaa authentication" using both "Root Shell" and "Permit Access" applied in the Rule-1 profile.
Note:
I also attached here the captured screen and debug result for the "shell profiles"
-
Configure a Cisco router with telnet Username and Password.
Hello Guys,
I am quite new to Cisco and I need to configure an 891 Cisco router. Can someone please show me step-by-step configuration commands for configuring Username and Secret Password? I would like the router to ask for "Username" and "Password" any time I want to log in to the router through telnet. I also want to know if I have to erase the default configurations on the router first, before I start the configuration, and how it should be done in order not to lose the router while working on it. Thanks for your usual quick responses.
Regards,
Eben.
From this forum description:
Note: If your questions pertain to specific Cisco technology or solution, please post them in the proper community by leveraging the Community Directory so that folks who have expertise within those areas can engage and collaborate to it.
You should consider deleting your question here and recreating it in a more appropriate forum. You can wish for a quick response then ...
Edit: Thread has been moved by moderator, the notice no longer applies.
-
Not able to telnet or ssh to outside interface of ASA and Cisco Router
Dear All
Please help me with following question, I have set up testing lab, but still not work.
it is Hub and spoke site to site vpn case, connection between hub and spoke is metro-E, so we are using private ip for outside interface at each site.
Hub -- Juniper SRX
Spoke One - Cisco ASA with version 9.1(5)
spoke two - Cisco router with version 12.3
Site-to-site VPN has been successfully established. The customer would like to telnet/ssh to the spoke's outside IP from the Hub (using the Hub's outside interface as source for telnet/ssh), or vice versa. The reason for setting it up like this is that they want to be able to make configuration changes even when the site-to-site VPN is down. Sounds like an easy job to do; I tried for a long time, searched this forum and Google too, but it still does not work.
Now I can successfully telnet/ssh to Hub SRX's outside interface from spoke (ASA has no telnet/ssh client, tested using Cisco router).
Has anyone ever done it before? Please help by sharing your experience. Does Cisco ASA or router even support it?
When I tested it, of course the site-to-site VPN was still up and running.
Thanks
YK
Hello YK,
In this case on the ASA, you should have the following:
Configuring Management Access Over a VPN Tunnel
If your VPN tunnel terminates on one interface, but you want to manage the ASA by accessing a different interface, you can identify that interface as a management-access interface. For example, if you enter the ASA from the outside interface, this feature lets you connect to the inside interface using ASDM, SSH, Telnet, or SNMP; or you can ping the inside interface when entering from the outside interface. Management access is available via the following VPN tunnel types: IPsec clients, IPsec LAN-to-LAN, and the AnyConnect SSL VPN client.
To specify an interface as a management-only interface, enter the following command:
hostname(config)# management-access management_interface
where management_interface specifies the name of the management interface you want to access when entering the security appliance from another interface.
You can define only one management-access interface
Also make sure you have the pertinent configuration for SSH, telnet, ASDM and SNMP(if required), for a quick test you can enable on your lab Test:
SSH
- ssh 0 0 outside
- aaa authentication ssh console LOCAL
- Make sure you have a default RSA key, or create a new one either way, with this command:
crypto key generate rsa modulus 2048
Telnet
- telnet 0 0 outside
- aaa authentication telnet console LOCAL
Afterwards, if this works you can define the subnets that should be permitted.
On the router:
!--- Step 1: Configure the hostname if you have not previously done so.
hostname Router
!--- aaa new-model causes the local username and password on the router
!--- to be used in the absence of other AAA statements.
aaa new-model
username cisco password 0 cisco
!--- Step 2: Configure the router's DNS domain.
ip domain-name yourdomain.com
!--- Step 3: Generate an SSH key to be used with SSH.
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 3
!--- Step 4: By default the vtys' transport is Telnet. In this case,
!--- Telnet and SSH is supported with transport input all
line vty 0 4
transport input All
!--- Instead of aaa new-model, the login local command may be used.
no aaa new-model
line vty 0 4
login local
Let me know how it works out!
Please don't forget to Rate and mark as correct the helpful Post!
David Castro,
Regards,
-
TACACS enable password is not working after completing ACS & MS AD integration
Enable password for (Router, Switches) is working fine if the identity source is "Internal Users". Unfortunately, after completing the integration between ACS and MS AD and changing the Identity source to "AD1", I got the following result:
1. Able to access network device (Cisco switch) using MS AD username and password via SSH/Telnet.
2. Enable password is not working (using the same user password configured in MS AD).
3. When I revert back and change the ACS identity source from "AD1" to "Internal Users" enable password is working fine.
Switch Tacacs Configuration
aaa new-model
aaa authentication login default none
aaa authentication login ACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec ACS group tacacs+ local
aaa authorization commands 15 ACS group tacacs+ local
aaa accounting exec ACS start-stop group tacacs+
aaa accounting commands 15 ACS start-stop group tacacs+
aaa authorization console
aaa session-id common
tacacs-server host 10.X.Y.11
tacacs-server timeout 20
tacacs-server directed-request
tacacs-server key gacakey
line vty 0 4
session-timeout 5
access-class 5 in
exec-timeout 5 0
login authentication ACS
authorization commands 15 ACS
authorization exec ACS
accounting commands 15 ACS
accounting exec ACS
logging synchronous
This is my first ACS - AD integration experience, hoping to fix this issue with your support, thanks in advance.
Regards,
Hi Edward,
I created a new shell profile named "root", as the default one "Permit Access" can't be accessed or modified. Underneath are the steps I've made.
1. Create a new shell profile named "root" with max privilege of 15, and then use it in the "Default Device Admin/Authorization/Rule-1" shell profile - see attached file for more details.
2. Telnet to the switch and then issue "debug aaa authentication" using both "Root Shell" and "Permit Access" applied in the Rule-1 profile.
Note:
I also attached here the captured screen and debug result for the "shell profiles"
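
Several configurations posted in the threads above keep passwords and AAA keys in readable form, leave Telnet enabled on the vty lines, or start a login method list with "none". The Python script below is an added example, not code from any poster or from Cisco: it audits a saved running-config for those settings, and its sample config, rule names and the audit/redact helpers are constructed for illustration.

```python
import re

# Constructed sample config (sub-commands indented one space, as in 'show run').
SAMPLE_CONFIG = """\
enable password xyz
username cisco password 0 cisco
username ops secret 5 $1$constructed$placeholder
aaa authentication login default none
tacacs-server key gacakey
radius-server key 7 1234abcd
line vty 0 4
 password cisco
 transport input all
line vty 5 15
 transport input ssh
line vty 16 31
"""

# Checks on global commands: (rule id, pattern, why it matters).
GLOBAL_RULES = [
    ("enable-password", r"^enable password\b",
     "shown by 'show run' as cleartext or type 7; use 'enable secret'"),
    ("user-password", r"^username\s+\S+\s+(privilege\s+\d+\s+)?password\b",
     "local user kept as cleartext or type 7; use 'username ... secret'"),
    ("aaa-key", r"^(tacacs|radius)-server key\b",
     "AAA shared key is cleartext or type 7 in the config"),
    ("login-none", r"^aaa authentication login\s+\S+\s+none\b",
     "method list starts with 'none': login is not authenticated"),
]

def redact(line):
    """Hide the value after password/key/secret so reports leak nothing."""
    return re.sub(r"\b(password|key|secret)\s+(\d\s+)?\S+", r"\1 <redacted>",
                  line, flags=re.IGNORECASE)

def parse_sections(config_text):
    """Group a running-config into [header, [sub-commands]] by indentation."""
    sections = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank lines and '!' separators carry no settings
        if raw[0].isspace() and sections:
            sections[-1][1].append(line)
        else:
            sections.append([line, []])
    return sections

def audit_vty(header, children):
    """Checks that need the sub-commands of one 'line vty' block."""
    found = []
    transports = [c for c in children if c.lower().startswith("transport input")]
    if not transports:
        found.append(("vty-default-transport", header,
                      "no 'transport input'; platform default applies, set it"))
    for cmd in transports:
        if re.search(r"\b(all|telnet)\b", cmd, re.IGNORECASE):
            found.append(("vty-telnet", f"{header} / {cmd}",
                          "Telnet allowed: credentials cross in clear text"))
    for cmd in children:
        if re.match(r"password\b", cmd, re.IGNORECASE):
            found.append(("vty-password", f"{header} / {redact(cmd)}",
                          "line password is cleartext or type 7"))
    return found

def audit(config_text):
    """Return (rule id, location, reason) for every weak setting found."""
    findings = []
    for header, children in parse_sections(config_text):
        for rule_id, pattern, reason in GLOBAL_RULES:
            if re.search(pattern, header, re.IGNORECASE):
                findings.append((rule_id, redact(header), reason))
        if re.match(r"line vty\b", header, re.IGNORECASE):
            findings.extend(audit_vty(header, children))
    return findings

if __name__ == "__main__":
    for rule_id, where, reason in audit(SAMPLE_CONFIG):
        print(f"[{rule_id}] {where}: {reason}")
```

The parser relies on the one-space indentation that "show running-config" uses for sub-commands, so feed it the saved config rather than a copy with the indentation stripped.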