Cisco router 3800 hub .. enable password not configure

Similar Messages

• Configure a Cisco router with Username and Password.

  Hello Guys,
  Am quite new in cisco and i need to configure an 891 cisco router,can someone please show me step by step configuration commands for configuring Username and Secret Password.I would like the router to ask for "Username"and " Password" anytime i want to login the router through telnet.I also want to know if i have to erase the default configurations on the router first, before i start the configuration,and how it should be done in other not to loose the router whiles working on it.Thanks for your usual quick responds.
  Regards,
  Eben.

  Hello Eben,
  Peter has suggested to use SSH because of the fact that telnet data is sent in clear text, so someone with the right tools could easily find your password and your device could/would be compromised. It is security best practice. SSH is encrypted.
  Technically speaking you do not need to change the hostname / domain name. But majority of Cisco documentation follow this method.
  In case you are interested on how to do this without change... see below.
  Router(config)#
  Router(config)#crypto key generate rsa modulus 1024
  % Please define a hostname other than Router.
  Router(config)#crypto key generate rsa modulus 1024 label CISCO
  The name for the keys will be: CISCO
  % The key modulus size is 1024 bits
  % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
  Router(config)#
  *Jul 11 13:27:51.431: %SSH-5-ENABLED: SSH 1.99 has been enabled
  Router(config)#
  The normal cases just as shown in Cisco documentation, the parser (without a label on the crypto key) would force us to change the hostname, create a domain name. I think the domain name is there to put a label on the keys.
  Router(config)#crypto key generate rsa general-keys modulus 1024
  % Please define a hostname other than Router.
  Router(config)#crypto key generate rsa
  % Please define a hostname other than Router.
  Router(config)#hos
  Router(config)#hostname ISR
  lexnetISR(config)#crypto key generate rsa general-keys modulus 1024
  % Please define a domain-name first.
  ISR(config)#ip domain name net.com
  ISR(config)#exit
  ISR(config)#crypto key generate rsa general-keys modulus 1024
  The name for the keys will be: ISR.net.com
  % The key modulus size is 1024 bits
  % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

• Cisco 1130 ag - The system is not configured to boot automatically

  I have a problem on a 1131ag Access point on recycle it stops and makes me maunually type BOOT at the ap: prompt
  ----------VVVVVVVVVVVVV----------------
  ap: Xmodem file system is available.
  flashfs[0]: 282 files, 13 directories
  flashfs[0]: 0 orphaned files, 0 orphaned directories
  flashfs[0]: Total bytes: 15998976
  flashfs[0]: Bytes used: 9497088
  flashfs[0]: Bytes available: 6501888
  flashfs[0]: flashfs fsck took 33 seconds.
  Base ethernet MAC Address: 00:12:d9:2b:39:0c
  Initializing ethernet port 0...
  Reset ethernet port 0...
  Reset done!
  ethernet link up, 100 mbps, full-duplex
  Ethernet port 0 initialized: link is up
  The system is not configured to boot automatically. The
  following command will finish loading the operating system
  software:
  boot
  C1130 Boot Loader (C1130-BOOT-M) Version 12.3(2)JA, RELEASE SOFTWARE (fc2)
  Technical Support: http://www.cisco.com/techsupport
  Compiled Mon 08-Nov-04 12:40 by ccai
  [I have to type "boot" here to load system]
  ap: boot
  Loading "flash:/c1130-k9w7-mx.123-7.JA4/c1130-k9w7-mx.123-7.JA4"...#############
  File "flash:/c1130-k9w7-mx.123-7.JA4/c1130-k9w7-mx.123-7.JA4" uncompressed and 0
  executing...
  Restricted Rights Legend
  Use, duplication, or disclosure by the Government is
  subject to restrictions as set forth in subparagraph
  (c) of the Commercial Computer Software - Restricted
  Rights clause at FAR sec. 52.227-19 and subparagraph
  (c) (1) (ii) of the Rights in Technical Data and Computer
  Software clause at DFARS sec. 252.227-7013.
  cisco Systems, Inc.
  170 West Tasman Drive
  San Jose, California 95134-1706
  Cisco IOS Software, C1130 Software (C1130-K9W7-M), Version 12.3(7)JA4, RELEASE )
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2006 by Cisco Systems, Inc.
  Compiled Tue 05-Sep-06 14:14 by alnguyen
  Image text-base: 0x00003000, data-base: 0x00683F60
  Initializing flashfs...
  flashfs[1]: 282 files, 13 directories
  flashfs[1]: 0 orphaned files, 0 orphaned directories
  flashfs[1]: Total bytes: 15998976
  flashfs[1]: Bytes used: 9497088
  flashfs[1]: Bytes available: 6501888
  flashfs[1]: flashfs fsck took 4 seconds.
  flashfs[1]: Initialization complete....done Initializing flashfs.
  [Legal notes removed]
  cisco AIR-AP1131AG-A-K9 (PowerPCElvis) processor (revision B0) with 24566K/8.
  Processor board ID FOC08514JMF
  PowerPCElvis CPU at 262Mhz, revision number 0x0950
  Last reset from power-on
  1 FastEthernet interface
  2 802.11 Radio(s)
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: 00:12:D9:2B:39:0C
  Part Number : 73-8962-06
  PCA Assembly Number : 800-24818-06
  PCA Revision Number : B0
  PCB Serial Number : FOC08514JMF
  Top Assembly Part Number : 800-25544-01
  Top Assembly Serial Number : FTX0909T049
  Top Revision Number : A0
  Product/Model Number : AIR-AP1131AG-A-K9
  -----------^^^^^^^^^^^^------------------
  I have already performed the ap: set BOOT etc commands a dozen times with the same results.
  It says: The system is not configured to boot automatically.
  I've been trying to get this one going for 4 months now..it was knocked out during a power outage while upgrading it.

  I didn't know how to get to global configuration mode - I did manage to get there with a bit of guess work.
  You use AP: Boot
  Let it go through the boot process then at the AP> prompt, [enable] priviledged command set, type in password.
  At AP# prompt type [config] then press enter for [terminal] at AP#[config] type NO BOOT MANUAL press [Enter] key and reboot AP.
  Question...Do I have to use a WRITE command to write the configuration to CMOS?
  I did just play it safe.

• ASA5510 Enable password not working

  Hi all,
  I have a problem with an ASA5510 (8.0.4) firewall in South Africa (I'm in the UK).
  It's a replacement firewall that I am trying to configure remotely through a serial device with an internet facing connection, but the enable password is not working.
  I can connect to the device OK, type 'en' and when propted for the password whatever I use (blank, cisco, Cisco etc.) I get an 'invalid password' message.
  Does anyone know how I can recover this remotely, if that is possbile?
  Thanks
  Alex

  Hi,
  Thanks for your reply.
  Unfortunately, I have not configured aaa authentication - this is a replacement box with no config on it yet.
  Is there anything else I can try?
  Many thanks
  Alex

• Why do my firewalls only use the domain username and password for login and enable passwords, not a different enable password like my switches do? The RADIUS config looks the same...

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:10.0pt;
  font-family:"Times New Roman","serif";}
  Issue:
  Cisco firewalls require only one level of password i.e. the domain username and password are used for both logging in as well as reaching global configuration mode.
  Background:
  We have multiple Cisco network devices set up which authenticate to our Windows domain controller using NPS (Windows 2008 R2). The switches we have set up all function exactly as we would hope as they require your domain username and password to login to the device. They then require a separate password when you use the enable command, this is stored in Active Directory:
  Switches:
  Username:domain-username
  Password:domain-password
  SWITCH>enable
  Password:enable-password-in-Active-Directory
  SWITCH#
  Firewalls (as they currently are):
  Username:domain-username
  Password:domain-password
  FIREWALL>enable
  Password:domain-password
  FIREWALL #
  With the firewalls however, they require your domain username and password first, and then your domain password again when using the enable command. I want the firewalls to use the enable level password that the switches currently use instead of the domain password again. The current configuration look like the following:
  Current switch configuration:
  aaa new-model
  aaa authentication login default group radius local
  aaa authentication enable default group radius enable
  aaa authorization exec default group radius local
  aaa session-id common
  radius-server host 192.168.0.1 auth-port 1645 acct-port 1646
  radius-server source-ports 1645-1646
  radius-server key 7 1234abcd
  Current firewall configuration:
  aaa-server DC01 protocol radius
  aaa-server DC01 (outside) host 192.168.0.1
  aaa authentication ssh console DC01 LOCAL
  aaa authentication enable console DC01 LOCAL
  key 1234abcd
  Any help would be great, thanks!

  Cisco ASA works that way by design. You could remove "aaa authentication enable" and then you could use the "enable password" command to set your enable password.
  But if you do that, then ASA would change your username to "enable_15". That would break Authorization and Accounting if you're using them. Let me clarify with an example
  Firewalls :
  Username:domain-username
  Password:domain-password
  FIREWALL>show curpriv
  Username : domain-username
  Current privilege level : 1
  Current Mode/s : P_UNPR
  FIREWALL>enable
  Password:enable-password-from-running-config
  FIREWALL #show curpriv
  Username : enable_15
  Current privilege level : 15
  Current Mode/s : P_PRIV
  If you're using Authorization and Accounting it's recommended to stick with your current behavior.

• Internal Mail Routing Between HUB servers Is Not Working Correctly

  Howdy, Been scratching my head on this one for a while. 
  First off, running Exchange 2010 Sp3 RU5 across the board. 
  I have attached a diagram of our environment for visual aid. Please take a look as it makes more sense. 
  I have drawn the correct mail flow in black and what is happening in red.
  Forest A Site A, has a dedicated edge, dedicated Hub and dedicated CAS 
  Forest A Site A child domain 1, has a multi-roled MBX,HUB,CAS
  Forest A Site B child domain 2, has a multi-roled MBX,HUB,CAS
  Forest B Site C, has a multi-roled MBX,HUB,CAS
  Mail flows TO child domain 2 just fine, but outgoing mail from that same domain keeps routing through HUB in child domain 1 instead of HUB in forest root domain. 
  The send connector for the organization in Forest A is configured to only send through the dedicated HUB server in Forest A. The Receive connector in Forest A's HUB is also configured correctly. But no matter what i do, mail outgoing from child domain
  2 continues to flow to child domain 1 instead of through the dedicated HUB server. 
  Mail needs to flow so for now i added the HUB in child domain 1 as a source server in the organization's send connector and set up the receive connector in child domain 1 to allow a work around for now. 
  I think this is an issue in the routing group connector but its just a guess. Any ideas? 

  Hi,
  Active Directory IP site links costs are based on relative network speed compared to all network connections in the WAN and are designed to produce a reliable and efficient replication topology. Therefore, in most cases, the existing IP site link costs should
  work well for Exchange 2010 message routing. However, if after documenting the existing Active Directory site and IP site link topology, you verify that the Active Directory IP site link costs and traffic flow patterns aren't optimal for Exchange 2010, you
  can make adjustments to the costs evaluated by Exchange.
  You can use the Set-AdSiteLink cmdlet to assign an Exchange-specific cost to an Active Directory IP site link.
  More details refer to the following articles:
  Controlling IP Site Link Costs
  Set-AdSiteLink
  Hope this helps!
  Thanks.
  Niko Cheng
  TechNet Community Support

• Unable to login to the web console cisco Prime assurance 9.0 password not working :(

  Hi all,
  I was able to install the Cisco Prime 9.0 assurance
  I am entering the correct username and password still I am not able to login to Web admin page
  How do i reset the password and login to the web admin console??
  Plz help... urgent...
  Rgds,
  Rebecca.... 

  Thanks Rob so much
  yes i booted the NCS from the DVD and installed the applications
  now i have two NCS appliances one is running PI 1.2 and other LMS 4.2

• How can i get the password of Cisco router ?

  My Cisco router user name and password forgot. Can anyone help me to reset cisco router password ? Thanks.

  Many routers can have a master reset done to them by finding the little hole/button on the back of the device and holding it down with your finger/a pen or something and counting to about 30. From there you will need to research what the default master password'/username is to enter the gateway .
  I am not affiliated with Best Buy nor have I ever been employed by Best Buy. All of my thoughts and posts are of my own opinion and personal experience.
  I may not always know the right answer, but I will always tell you what I do know. I also do free computer analysis and consultation via private message.

• Password not set.

  hi all
  i hope this is the correct area to post.
  i am doing my CCNA and want to overcome a small problem.
  when trying to 'telnet' into my 2610 router i get the
  'Password not Set' message and then disconnected.
  i did see a mention of this among the pages and pages of cisco support area.
  the ping is successful, and i do get the banner MOTD shown as i telnet in.
  so suggestions please, and have i posted enough info?
  regards
  c

  Hi
  You can get onto the router via console port and configure the password for the same under the line vty 0 4 which will set the telnet password for the router.
  line vty 0 4
  password cisco
  Also do check up whether you have configured either enable password or secret to get the privilege access to configure the router..
  regds

• Tacacs+ Authenticating the Enable Password

  I have the following configuration on my switch and it works correctly:
  aaa group server tacacs+ tacacs_serv
  server 192.168.70.20
  aaa authentication login tac_auth group tacacs_serv local
  line vty 0 15
  login authentication tac_auth
  transport input ssh
  The configuration above works correctly, my username/pwd are authenticated via Tacacs+ and the "enable" password is confirmed via the local database on the switch.
  When I make the following changes attempeing to have Tacacs validate the username/pwd as well as the "enable" password I cannot log into the switch at all.
  aaa group server tacacs+ tacacs_serv
  server 192.168.70.20
  aaa authentication login default group tacacs_serv local
  aaa authentication enable default group tacacs_serv enable
  line vty 0 15
  login authentication default
  transport input ssh
  The switch is running 12.2(44)SE6. The username/pwd are in the local database of the Linux server. The Enable password is configured in two places within the tac_plus.conf file:
  host = 192.168.70.15 {
          prompt = "Enter your Username and Password. Username: "
          enable = cleartext "password"
  AND
  user = $enab15$ {
          login = cleartext "password"
  Any help would be appreciated.
  Thanks

  I added the priv-lvl to enable15:
  user = $enabl15$ {
          login = cleartext 802.11boingo
          priv-lvl = 15
  It is also in the testuser config:
  user = testuser {
          login = PAM
          member = admin
          service = exec
          priv-lvl = 15
  It is also in the group config:
  group = admin {
          # group members who don't have their own login password will be
          # looked up in /etc/passwd
          #login = file /etc/passwd
          login = PAM
          # group members who have no expiry date set will use this one
          #expires = "Jan 1 1997"
          # only allow access to specific routers
          acl = default
          # Needed for the router to make commands available to user (subject
          # to authorization if so configured on the router
          service = exec {
                  priv-lvl = 15
                  #default service = permit
  Below is the latest debug:
  CCG-WLA-TEST-SWT-1>ena
  Password:
  Dec 10 16:06:45.755: AAA: parse name=tty0 idb type=-1 tty=-1
  Dec 10 16:06:45.755: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
  Dec 10 16:06:45.755: AAA/MEMORY: create_user (0x1F3CB4C) user='testuser' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
  Dec 10 16:06:45.755: AAA/AUTHEN/START (3173866470): port='tty0' list='' action=LOGIN service=ENABLE
  Dec 10 16:06:45.755: AAA/AUTHEN/START (3173866470): using "default" list
  Dec 10 16:06:45.755: AAA/AUTHEN/START (3173866470): Method=tacacs_serv (tacacs+)
  Dec 10 16:06:45.755: TAC+: send AUTHEN/START packet ver=192 id=-1121100826
  Dec 10 16:06:46.057: TAC+: ver=192 id=-1121100826 received AUTHEN status = GETPASS
  Dec 10 16:06:46.057: AAA/AUTHEN (3173866470): status = GETPASS
  % Error in authentication.

• Cisco router + SSH ?

  Does a Cisco router support SSH? How to configure?

  Cisco routers support SSH. However, you need to have an IPSEC encryption image running on the router. Configuring SSH on a router is a simple process.
  Use this link to configure SSH:
  http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7d5.html#wp1007881
  HTH
  Sundar

• Tacacs+ Enable password is not working on Cisco Switch

  Ladies/Gents,
  I am facing issues when enabling tacacs authentication on my cisco switch, aaa login/password is working, aaa enable is not. Underneath details of my devices.
  Cisco ACS 1121: version 5.1
  Cisco Switch 3560: ios ver 15
  I also attached here some documents for your review and comment (switch aaa configuration, debug aaa authentication, acs captured screen)
  Hoping to receive an update and comment from you soon.
  Thanks,
  Arnold

  Hi Edward,
  I created a new shell profiles named "root" as the default one "Permit Access" can't be access or modified, underneath the steps I've made.
  1. Create a new shell profile name "root" with max privilege of 15. And then used it in "Default Device Admin/Authorization/Rule-1" shell profile - see attached file for more details.
  2. Telnet the Switch and then Issue "debug aaa authentication" using both "Root Shell" and "Permit Access" applied in Rule-1 profile.
  Note:
  I also attached here the captured screen and debug result for the "shell profiles"

• Configure a Cisco router with telnet Username and Password.

  Hello Guys,
  Am quite new in cisco and i need to configure an 891 cisco router,can someone please show me step by step configuration commands for configuring Username and Secret Password.I would like the router to ask for "Username"and " Password" anytime i want to login the router through telnet.I also want to know if i have to erase the default configurations on the router first, before i start the configuration,and how it should be done in other not to loose the router whiles working on it.Thanks for your usual quick responds.
  Regards,
  Eben.

  From this forum description:
  Note: If your questions pertain to specific Cisco technology or solution, please post them in the proper community by leveraging the Community Directory so that folks who have expertise within those areas can engage and collaborate to it.
  You should consider to delete your question here and recreate in in more appropriate forum. You can wish for quick response then ...
  Edit: Thread has been moved by moderator, the notice no longer apply.

• Not able to telnet or ssh to outside interface of ASA and Cisco Router

  Dear All
  Please help me with following question, I have set up testing lab, but still not work.
  it is Hub and spoke site to site vpn case, connection between hub and spoke is metro-E, so we are using private ip for outside interface at each site.
  Hub -- Juniper SRX
  Spoke One - Cisco ASA with version 9.1(5)
  spoke two - Cisco router with version 12.3
  site to site vpn has been successful established. Customer would like to telnet/ssh to spoke's outside ip from Hub(using Hub's outside interface as source for telnet/ssh), or vise versa. Reason for setting up like this is they wants to be able to make configuration change even when site to site vpn is down. Sound like a easy job to do, I tried for a long time, search this forum and google too, but still not work.
  Now I can successfully telnet/ssh to Hub SRX's outside interface from spoke (ASA has no telnet/ssh client, tested using Cisco router).
  Anyone has ever done it before, please help to share your exp. Does Cisco ASA or router even support it?
  When I tested it, of cause site to site vpn still up and running.
  Thanks
  YK

  Hello YK,
  On this case on the ASA, you should have the following:
  CConfiguring Management Access Over a VPN Tunnel
  If your VPN tunnel terminates on one interface, but you want to manage the ASA by accessing a different interface, you can identify that interface as a management-access interface. For example, if you enter the ASA from the outside interface, this feature lets you connect to the inside interface using ASDM, SSH, Telnet, or SNMP; or you can ping the inside interface when entering from the outside interface. Management access is available via the following VPN tunnel types: IPsec clients, IPsec LAN-to-LAN, and the AnyConnect SSL VPN client.
  To specify an interface as a mangement-only interface, enter the following command:
  hostname(config)# management access management_interface
  where management_interface specifies the name of the management interface you want to access when entering the security appliance from another interface.
  You can define only one management-access interface
  Also make sure you have the pertinent configuration for SSH, telnet, ASDM and SNMP(if required), for a quick test you can enable on your lab Test:
    SSH
  - ssh 0 0 outside
  - aaa authentication ssh console LOCAL
  - Make sure you have a default RSA key, or create a new one either ways, with this command:
      *crypto key generate rsa modulus 2048
  Telnet
  - telnet 0 0 outside
  - aaa authentication telnet console LOCAL
  Afterwards, if this works you can define the subnets that should be permitted.
  On the router:
  !--- Step 1: Configure the hostname if you have not previously done so.
  hostname Router
  !--- aaa new-model causes the local username and password on the router
  !--- to be used in the absence of other AAA statements.
  aaa new-model
  username cisco password 0 cisco
  !--- Step 2: Configure the router's DNS domain.
  ip domain-name yourdomain.com
  !--- Step 3: Generate an SSH key to be used with SSH.
  crypto key generate rsa
  ip ssh time-out 60
  ip ssh authentication-retries 3
  !--- Step 4: By default the vtys' transport is Telnet. In this case, 
  !--- Telnet and SSH is supported with transport input all
  line vty 0 4
  transport input All
  *!--- Instead of aaa new-model, the login local command may be used.
  no aaa new-model
  line vty 0 4
    login local
  Let me know how it works out!
  Please don't forget to Rate and mark as correct the helpful Post!
  David Castro,
  Regards,

• TACACS enable password is not working after completing ACS & MS AD integration

  Enable password for (Router, Switches) is working fine if identify source is "Internal Users", unfortunately after completed the integration between ACS to MS AD, and change the Identity source to "AD1" I got the following result
  1. able to access network device (cisco switch) using MS AD username and password via SSH/Telnet.
  2. Enable password is not working (using the same user password configured in MS AD.
  3. When I revert back and change the ACS identity source from "AD1" to "Internal Users" enable password is working fine.
  Switch Tacacs Configuration
  aaa new-model
  aaa authentication login default none
  aaa authentication login ACS group tacacs+ local
  aaa authentication enable default group tacacs+ enable
  aaa authorization exec ACS group tacacs+ local 
  aaa authorization commands 15 ACS group tacacs+ local 
  aaa accounting exec ACS start-stop group tacacs+
  aaa accounting commands 15 ACS start-stop group tacacs+
  aaa authorization console
  aaa session-id common
  tacacs-server host 10.X.Y.11
  tacacs-server timeout 20
  tacacs-server directed-request
  tacacs-server key gacakey
  line vty 0 4
   session-timeout 5 
   access-class 5 in
   exec-timeout 5 0
   login authentication ACS
   authorization commands 15 ACS
   authorization exec ACS
   accounting commands 15 ACS
   accounting exec ACS
   logging synchronous
  This is my first ACS - AD integration experience, hoping to fix this issue with your support, thanks in advance.
  Regards,

  Hi Edward,
  I created a new shell profiles named "root" as the default one "Permit Access" can't be access or modified, underneath the steps I've made.
  1. Create a new shell profile name "root" with max privilege of 15. And then used it in "Default Device Admin/Authorization/Rule-1" shell profile - see attached file for more details.
  2. Telnet the Switch and then Issue "debug aaa authentication" using both "Root Shell" and "Permit Access" applied in Rule-1 profile.
  Note:
  I also attached here the captured screen and debug result for the "shell profiles"