Enable password recovery in cisco 2950 with AAA
Hello friends,
I need to recover the switch enable password. I have already configured AAA as well; when I try to follow the procedure below, it finally says Authorization failed. How can I recover the enable password?
Regards,
Haris
If I try to recover password like this description says
http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_25_see/configuration/guide/swtrbl.html#wp1090048
Step 1 Connect a terminal or PC with terminal-emulation software to the switch console port.
Step 2 Set the line speed on the emulation software to 9600 baud.
Step 3 Power off the switch. Reconnect the power cord to the switch and, within 15 seconds, press the Mode button while the System LED is still flashing green.
Base ethernet MAC Address: 00:0x:xx:xx:xx:xx
Xmodem file system is available.
The password-recovery mechanism is enabled.
The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:
flash_init
load_helper
boot
switch:
Step 4 switch: flash_init
Initializing Flash...
flashfs[0]: 600 files, 19 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32514048
flashfs[0]: Bytes used: 7713792
flashfs[0]: Bytes available: 24800256
flashfs[0]: flashfs fsck took 10 seconds.
...done Initializing Flash.
Boot Sector Filesystem (bs) installed, fsid: 3
Setting console baud rate to 9600...
Step5 switch:load_helper
Step6 switch: dir flash:
Directory of flash:/
2 -rwx 916 <date> vlan.dat
5 drwx 192 <date> c2960-lanbase-mz.122-25.SEE1
620 -rwx 5488 <date> config.text
621 -rwx 5 <date> private-config.text
24800256 bytes available (7713792 bytes used)
Step7 switch: rename flash:config.text flash:config.text.old
Step8 switch: boot
Loading "flash:c2960-lanbase-mz.122-25.SEE1/c2960-lanbase-mz.122-25.SEE1.bin"...
Initializing flashfs...
flashfs[1]: 600 files, 19 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 32514048
flashfs[1]: Bytes used: 7713792
flashfs[1]: Bytes available: 24800256
flashfs[1]: flashfs fsck took 1 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.
64K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:0x:xx:xx:xx:xx
Motherboard assembly number : xxxxxxxxxx
Power supply part number : xxxxxxxxxxx
Motherboard serial number : xxxxxxxxxxx
Power supply serial number : xxxxxxxxxxx
Model revision number : B0
Motherboard revision number : B0
Model number : WS-C2960G-24TC-L
System serial number : xxxxxxxxxxxx
Top Assembly Part Number : xxxxxxxxxxxx
Top Assembly Revision Number : B0
Version ID : V02
CLEI Code Number : xxxxxxxxxxxxx
Hardware Board Revision Number : 0x01
Switch Ports Model SW Version SW Image
* 1 24 WS-C2960G-24TC-L 12.2(25)SEE1 C2960-LANBASE-M
Press RETURN to get started!
Step9 Hit <Enter>
Would you like to terminate autoinstall? [yes]: yes
Step10
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]no
Switch>
Step11 Switch> enable
Step12 Switch# rename flash:config.text.old flash:config.text
Destination filename [config.text]? <Enter>
Step13 Switch# copy flash:config.text system:running-config
Destination filename [running-config]?<Enter>
5488 bytes copied in 0.940 secs (5838 bytes/sec)
Step14 NewSwitchName#conf t
% Authorization failed.
Doesn't this procedure work any more?
The password recovery worked, but you copied your problematic config back to the switch. Skip Step 13 and paste only the working part of the config to the switch.
You can see your renamed config with "more flash:config.text.old".
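One way to follow the advice above and paste only the working part, as an added example that is not part of the original thread: this Python script splits a saved config.text into lines to paste and AAA-related lines to hold back. It assumes the AAA method lists are the problematic part and also holds back the lost enable secret; the sample configuration and all names are constructed.

```python
"""Split a saved IOS config into lines to paste and AAA lines to hold back."""

# Assumption: the AAA method lists are what produced "% Authorization failed."
# The lost enable secret is held back too, so a new one can be set by hand.
HOLD_TOP = ("aaa ", "enable secret ", "enable password ")
# Sub-commands under "line ..." that bind a line to an AAA method list.
HOLD_CHILD = ("login authentication ", "authorization ", "accounting ")

# Constructed sample, not the poster's configuration.
SAMPLE_CONFIG = """\
hostname NewSwitchName
!
enable secret 5 <constructed-hash>
!
aaa new-model
aaa group server tacacs+ TAC_PLUS
 server 192.0.2.10
aaa authentication login default group TAC_PLUS local
aaa authorization commands 15 default group TAC_PLUS
!
interface FastEthernet0/1
 switchport mode access
!
line con 0
 authorization commands 15 default
line vty 0 4
 login authentication default
 exec-timeout 120 0
"""


def split_config(text):
    """Return (paste, held): two lists of configuration lines.

    A top-level command starts in column 0; indented lines belong to the
    most recent top-level command, as in "show running-config" output.
    """
    paste, held = [], []
    parent = ""        # most recent top-level command
    holding = False    # True while inside a held-back top-level block
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue                      # skip blank lines and separators
        if not line[0].isspace():         # top-level command
            parent = line
            holding = line.startswith(HOLD_TOP)
            (held if holding else paste).append(line)
        elif holding:                     # child of a held-back block
            held.append(line)
        elif line.strip().startswith(HOLD_CHILD):
            # Keep the parent name so the held line can be re-applied later.
            held.append(f"{parent}: {line.strip()}")
        else:
            paste.append(line)
    return paste, held


if __name__ == "__main__":
    paste, held = split_config(SAMPLE_CONFIG)
    print("! ---- paste into the switch ----")
    print("\n".join(paste))
    print("! ---- held back for review ----")
    print("\n".join(held))
```

The held-back lines are the ones to review and re-enter one at a time once the AAA server is reachable from the switch.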
Similar Messages
-
Password recovery on Cisco AP 1232
Hi all.
I have a Cisco 1232 AP at a remote location. It was configured by somebody no longer with the company and I have no passwords for it, nor do I have a backup config.
It is using local authentication.
Is there a way to do a password recovery without losing the current configuration?
Check this out:
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_password_recovery09186a00800949d0.shtml#resios
There is another similar post on this board for using a password cracker.
Here's a link to the thread:
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=Getting%20Started%20with%20Wireless&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dddb082/1#selected_message
Good Luck
Scott -
Password recovery on Cisco 851
Hi!
I'm new in a company; the previous technician forgot the secret on a Cisco 851, so I tried to recover it today. I connected to serial with PuTTY, turned off the router for 10 seconds, turned it on, then pressed break for 20-30 seconds. I couldn't get to ROMMON. I've tried Windows HyperTerminal, I've tried Ctrl+Break - nothing. Cisco didn't receive my break command. Why was that?
Thanks
I've tried Windows HyperTerminal, I've tried Ctrl+Break - nothing. Cisco didn't receive my break command.
Standard Break Key Sequence Combinations During Password Recovery
http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080174a34.shtml?referring_site=bodynav
-
6509 - 720 Supervisor Module Failure after Password Recovery
Hi,
I attempted to perform a password recovery on a 6509 with dual WS-SUP720-3B modules running 12.2(33)SXI2A.
After changing the configuration register to 0x2142 and booting, I am getting a major error on the supervisor modules. I've changed the configuration register back to 0x2102 and am still getting the same error on both supervisor modules. I've also tried it with one module removed and one module installed.
I have about 30 seconds in where I can run commands before I get booted to rommon.
Any thoughts?
See below for the console output:
System Bootstrap, Version 8.5(3)
Copyright (c) 1994-2008 by cisco Systems, Inc.
Cat6k-Sup720/SP processor with 524288 Kbytes of main memory
Autoboot executing command: "boot bootdisk:"
Initializing ATA monitor library...
string is bootdisk:s72033-ipservicesk9-mz.122-33.SXI2a.bin
Loading image, please wait ...
Initializing ATA monitor library...
Self extracting the image... [OK]
Self decompressing the image : ################################################################################################################################################################################################### [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, s72033_sp Software (s72033_sp-IPSERVICESK9-M), Version 12.2(33)SXI2a, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Sep-09 01:25 by prod_rel_team
Image text-base: 0x40101328, data-base: 0x4224F120
*Apr 19 05:03:02.747: %SYS-SP-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.
*Apr 19 05:03:01.515: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch
Firmware compiled 19-May-09 12:08 by apyu Build [25600]
*Apr 19 05:03:02.747: %OIR-SP-6-CONSOLE: Changing console ownership to route processor
System Bootstrap, Version 12.2(17r)SX5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.
Cat6k-Sup720/RP platform with 524288 Kbytes of main memory
Download Start
Download Completed! Booting the image.
Self decompressing the image : ############################################################################################################################################################################################################################################################################################################################ [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(33)SXI2a, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Sep-09 01:00 by prod_rel_team
Image text-base: 0x40101328, data-base: 0x43A51E70
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco WS-C6509-E (R7000) processor (revision 1.5) with 458720K/65536K bytes of memory.
Processor board ID SMC133600GT
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from s/w reset
1 Virtual Ethernet interface
194 Gigabit Ethernet interfaces
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer memory.
65536K bytes of Flash internal SIMM (Sector size 512K).
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: no
Press RETURN to get started!
*Apr 19 04:55:51.335: RP: Currently running ROMMON from S (Gold) region
*Apr 19 04:55:52.107: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan. The Bridge IDs of all active STP instances have been updated, which might change the spanning tree topology
*Apr 19 04:56:00.531: %SYS-5-RESTART: System restarted --
Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(33)SXI2a, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c)
Router> 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Sep-09 01:00 by prod_rel_team
*Apr 19 05:03:03.111: %SYS-SP-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure console debugging output.
*Apr 19 04:55:46.739: %SPANTREE-SP-5-EXTENDED_SYSID: Extended SysId enabled for type vlan. The Bridge IDs of all active STP instances have been updated, which might change the spanning tree topology
*Apr 19 04:55:46.747: SP: SP: Currently running ROMMON from S (Gold) region
*Apr 19 04:55:47.483: %SCHED-SP-7-WAen
Router#TCH: Attempt to set uninitialized watched boolean (address 0). -Process= "<interrupt level>", ipl= 1, pid= 3
-Traceback= 408E0820 40D74FEC 40D4B31C 40D4A1A8 40D46448 40F604B8 4173CCDC
*Apr 19 04:55:59.607: %SYS-SP-5-RESTART: System restarted --
Cisco IOS Software, s72033_sp Software (s72033_sp-IPSERVICESK9-M), Version 12.2(33)SXI2a, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Sep-09 01:25 by prod_rel_team
Router#
Router#Apr 19 04:56:00.591: %OIR-SP-6-INSPS: Power supply inserted in slot 1
*Apr 19 04:56:00.695: %C6KPWR-SP-4-PSOK: power supply 1 turned on.
*Apr 19 04:56:00.943: %OIR-SP-6-INSPS: Power supply inserted in slot 2
Router#
Router#
Router#
*Apr 19 04:56:08.099: %FABRIC-SP-5-CLEAR_BLOCK: Clear block option is off for the fabric in slot 5.
*Apr 19 04:56:08.195: %FABRIC-SP-5-FABRIC_MODULE_ACTIVE: The Switch Fabric Module in slot 5 became active.
Router#
Router#
Router#
*Apr 19 04:56:09.567: %DIAG-SP-6-RUN_MINIMUM: Module 5: Running Minimal Diagnostics...
Router#
Router#
Router#
Router#show diagnostic result
% Incomplete command.
Router#show diagnostic result ?
module Module Keyword
Router#show diagnostic result ,modu modjle ule 5
Current bootup diagnostic level: minimal
Module 5: Supervisor Engine 720 (Active) SerialNo : SAL1338YTZ0
Overall Diagnostic Result for Module 5 : UNTESTED
Diagnostic level at card bootup: minimal
Test results: (. = Pass, F = Fail, U = Untested)
1) TestScratchRegister -------------> U
2) TestSPRPInbandPing --------------> U
3) TestTransceiverIntegrity:
Port 1 2
U U
4) TestActiveToStandbyLoopback:
Port 1 2
--More-- U U
5) TestLoopback:
Port 1 2
6) TestNewIndexLearn ---------------> .
7) TestDontConditionalLearn --------> .
8) TestBadBpduTrap -----------------> .
9) TestMatchCapture ----------------> .
10) TestProtocolMatchChannel --------> .
11) TestFibDevices ------------------> F
12) TestIPv4FibShortcut -------------> F
13) TestL3Capture2 ------------------> F
14) TestIPv6FibShortcut -------------> F
15) TestMPLSFibShortcut -------------> F
16) TestNATFibShortcut --------------> F
17) TestAclPermit -------------------> F
18) TestAclDeny ---------------------> U
--More-- 19) TestQoSTcam ---------------------> U
20) TestL3VlanMet -------------------> U
21) TestIngressSpan -----------------> U
22) TestEgressSpan ------------------> U
23) TestNetflowInlineRewrite:
Port 1 2
U U
24) TestFabricSnakeForward ----------> U
25) TestFabricSnakeBackward ---------> U
26) TestTrafficStress ---------------> U
27) TestFibTcamSSRAM ----------------> U
28) TestAsicMemory ------------------> U
29) TestAclQosTcam ------------------> U
30) TestNetflowTcam -----------------> U
31) ScheduleSwitchover --------------> U
32) TestFirmwareDiagStatus ----------> U
33) TestAsicSync --------------------> U
34) TestUnusedPortLoopback:
--More--
Router#[Ashow diagnostic result module 5
Current bootup diagnostic level: minimal
Module 5: Supervisor Engine 720 (Active) SerialNo : SAL1338YTZ0
Overall Diagnostic Result for Module 5 : UNTESTED
Diagnostic level at card bootup: minimal
Test results: (. = Pass, F = Fail, U = Untested)
1) TestScratchRegister -------------> U
2) TestSPRPInbandPing --------------> U
3) TestTransceiverIntegrity:
Port 1 2
U U
4) TestActiveToStandbyLoopback:
Port 1 2
--More--
Router#
*Apr 19 04:56:29.637: %DIAG-SP-3-MAJOR: M
%Software-forced reload
04:56:30 UTC Sun Apr 19 2015: Breakpoint exception, CPU signal 23, PC = 0x42735338
Possible software fault. Upon reccurence, please collect
crashinfo, "show tech" and contact Cisco Technical Support.
-Traceback= 42735338 42732E8C 423A6220 423A624C 421C1388 4223F614 4223F670 40962164 40963034 40962F54 40963D28 423259D0 42319604 42319820 42727FEC
$0 : 00000000, AT : 43FE0000, v0 : 45870000, v1 : 00000200
a0 : 46DC99C0, a1 : 44E05758, a2 : 00000000, a3 : 00000040
t0 : 00000010, t1 : 3400F101, t2 : 3400F100, t3 : FFFF00FF
t4 : 42728608, t5 : 00002F04, t6 : 80000000, t7 : 00000000
s0 : 00000000, s1 : 43EE0000, s2 : 50449158, s3 : 0000001F
s4 : 50449158, s5 : 470B3AB4, s6 : 00000000, s7 : 08A5DFC8
t8 : 08028FEC, t9 : 00000000, k0 : 00000000, k1 : 00000000
gp : 43FDDE8C, sp : 5000DBB0, s8 : 00000000, ra : 42732E8C
EPC : 42735338, ErrorEPC : 870FDDF0, SREG : 3400F103
MDLO : 00000000, MDHI : 00000000, BadVaddr : 00000000
DATA_START : 0x43A51E70
Cause 00000824 (Code 0x9): Breakpoint exception
Writing crashinfo to bootflash:crashinfo_20150419-045630
=== Flushing messages (04:56:30 UTC Sun Apr 19 2015) ===
Buffered messages:
*Apr 19 04:55:51.335: RP: Currently running ROMMON from S (Gold) region
*Apr 19 04:55:52.107: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan. The Bridge IDs of all active STP instances have been updated, which might change the spanning tree topology
*Apr 19 04:56:00.531: %SYS-5-RESTART: System restarted --
Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(33)SXI2a, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Sep-09 01:00 by prod_rel_team
*Apr 19 05:03:03.111: %SYS-SP-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure console debugging output.
*Apr 19 04:55:46.739: %SPANTREE-SP-5-EXTENDED_SYSID: Extended SysId enabled for type vlan. The Bridge IDs of all active STP instances have been updated, which might change the spanning tree topology
*Apr 19 04:55:46.747: SP: SP: Currently running ROMMON from S (Gold) region
*Apr 19 04:55:47.483: %SCHED-SP-7-WATCH: Attempt to set uninitialized watched boolean (address 0). -Process= "<interrupt level>", ipl= 1, pid= 3
-Traceback= 408E0820 40D74FEC 40D4B31C 40D4A1A8 40D46448 40F604B8 4173CCDC
*Apr 19 04:55:59.607: %SYS-SP-5-RESTART: System restarted --
Cisco IOS Software, s72033_sp Software (s72033_sp-IPSERVICESK9-M), Version 12.2(33)SXI2a, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Sep-09 01:25 by prod_rel_team
*Apr 19 04:56:00.591: %OIR-SP-6-INSPS: Power supply inserted in slot 1
*Apr 19 04:56:00.695: %C6KPWR-SP-4-PSOK: power supply 1 turned on.
*Apr 19 04:56:00.943: %OIR-SP-6-INSPS: Power supply inserted in slot 2
*Apr 19 04:56:08.099: %FABRIC-SP-5-CLEAR_BLOCK: Clear block option is off for the fabric in slot 5.
*Apr 19 04:56:08.195: %FABRIC-SP-5-FABRIC_MODULE_ACTIVE: The Switch Fabric Module in slot 5 became active.
*Apr 19 04:56:09.567: %DIAG-SP-6-RUN_MINIMUM: Module 5: Running Minimal Diagnostics...
*Apr 19 04:56:29.637: %DIAG-SP-3-MAJOR: Module 5: Online Diagnostics detected a Major Error. Please use 'show diagnostic result <target>' to see test results.
*Apr 19 04:56:29.641: %CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 5: TestFibDevices failed
*Apr 19 04:56:29.641: %CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 5: TestIPv4FibShortcut failed
*Apr 19 04:56:29.641: %CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 5: TestL3Capture2 failed
*Apr 19 04:56:29.641: %CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 5: TestIPv6FibShortcut failed
*Apr 19 04:56:29.641: %CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 5: TestMPLSFibShortcut failed
*Apr 19 04:56:29.641: %CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 5: TestNATFibShortcut failed
Queued messages:
*Apr 19 04:56:33.583: %SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.
IPv6FibShortcut failed
*Apr 19 04:56:29.641: %CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 5: TestMPLSFibShortcut failed
*Apr 19 04:56:29.641: %CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 5: TestNATFibShortcut failed
*Apr 19 04:56:29.971: %HA_EM-6-LOG: Mandatory.go_bootup.tcl: GOLD EEM TCL policy for boot up diagnostic
*Apr 19 04:56:30.575: %CPU_MONITOR-3-PEER_EXCEPTION: CPU_MONITOR peer has failed due to exception , reset by [5/0]
*** System received a Software forced crash ***
signal= 0x17, code= 0x24, context= 0x45876f54
PC = 0x42728664, SP = 0x43ed9cd8, RA = 0x413ad2f4
Cause Reg = 0x00003820, Status Reg = 0x34008002
rommon 1 >
What kind of line card was being inserted in slot 6? Have you tried other slots? The crash file in the RP says it was reset by SP, so the important crashinfo file would be in the sup-bootflash: Try and see if you find any "dir sup-bootflash:"
Aug 5 17:46:11: %C6K_PLATFORM-2-PEER_RESET: RP is being reset by the SP
%Software-forced reload
To answer your question:
A Is there any different procedure to install line modules in supervisor slots?
>>No, there is no special configuration you need to do when inserting a line card in slots that would normally be for a supervisor.
B Switch is having previously removed linecard (i.e., fastethernet module) in running configuration. Will it create any system crash?
>>No, it will not cause the switch to crash. Seeing the configuration of a line card even after it was removed is quite normal; it's cold module provisioning. You would not want to keep putting in a configuration for any line card after just resetting it, would you?
-
TACACS+ logins asking for enable password
Hi,
7609 with the following IOS version.
Cisco IOS Software, c7600s72033_rp Software (c7600s72033_rp-ADVIPSERVICES-M), Version 15.2(4)S4a, RELEASE SOFTWARE (fc1)
TACACS+ users can successfully log in via telnet, but it's asking for the enable password to go to privilege mode. I have tried everything I could but it keeps asking for the enable password. How do I get rid of the enable password for the TACACS+ users? The following is the current relevant config.
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
aaa new-model
aaa group server tacacs+ TAC_PLUS
server name AUTH
aaa authentication login default group TAC_PLUS local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
tacacs server AUTH
address ipv4 xx.xx.xx.xx
key 7 xxxxxxxxxxxxxxxxxxxxx
line con 0
line vty 0 4
session-timeout 15
access-class 10 in
exec-timeout 120 0
timeout login response 15
transport input telnet
ip telnet source-interface Loopback1
ip tacacs source-interface Loopback1
Hi,
I did not have aaa authentication and tacacs debugging enabled. I have enabled them all and this is what it shows when tacacs+ works but have to type the enable password.
Nov 18 07:39:35: AAA/AUTHEN/LOGIN (00000000): Pick method list 'default'
Nov 18 07:39:35: TPLUS: Queuing AAA Authentication request 0 for processing
Nov 18 07:39:35: TPLUS: processing authentication start request id 0
Nov 18 07:39:35: TPLUS: Authentication start packet created for 0()
Nov 18 07:39:35: TPLUS: Using server xx.xxx.xxx.xxx
Nov 18 07:39:35: TPLUS(00000000)/0/NB_WAIT/56CA2684: Started 5 sec timeout
Nov 18 07:39:35: TPLUS(00000000)/0/NB_WAIT: socket event 2
Nov 18 07:39:35: TPLUS(00000000)/0/NB_WAIT: wrote entire 20 bytes request
Nov 18 07:39:35: TPLUS(00000000)/0/READ: socket event 1
Nov 18 07:39:35: TPLUS(00000000)/0/READ: Would block while reading
Nov 18 07:39:35: TPLUS(00000000)/0/READ: socket event 1
Nov 18 07:39:35: TPLUS(00000000)/0/READ: read entire 12 header bytes (expect 43 bytes data)
Nov 18 07:39:35: TPLUS(00000000)/0/READ: socket event 1
Nov 18 07:39:35: TPLUS(00000000)/0/READ: read entire 55 bytes response
Nov 18 07:39:35: TPLUS(00000000)/0/56CA2684: Processing the reply packet
Nov 18 07:39:35: TPLUS: Received authen response status GET_USER (7)
Nov 18 07:39:37: TPLUS: Queuing AAA Authentication request 0 for processing
Nov 18 07:39:37: TPLUS: processing authentication continue request id 0
Nov 18 07:39:37: TPLUS: Authentication continue packet generated for 0
Nov 18 07:39:37: TPLUS(00000000)/0/WRITE/4752E370: Started 5 sec timeout
Nov 18 07:39:37: TPLUS(00000000)/0/WRITE: wrote entire 24 bytes request
Nov 18 07:39:37: TPLUS(00000000)/0/READ: socket event 1
Nov 18 07:39:37: TPLUS(00000000)/0/READ: read entire 12 header bytes (expect 16 bytes data)
Nov 18 07:39:37: TPLUS(00000000)/0/READ: socket event 1
Nov 18 07:39:37: TPLUS(00000000)/0/READ: read entire 28 bytes response
Nov 18 07:39:37: TPLUS(00000000)/0/4752E370: Processing the reply packet
Nov 18 07:39:37: TPLUS: Received authen response status GET_PASSWORD (8)
Nov 18 07:39:41: TPLUS: Queuing AAA Authentication request 0 for processing
Nov 18 07:39:41: TPLUS: processing authentication continue request id 0
Nov 18 07:39:41: TPLUS: Authentication continue packet generated for 0
Nov 18 07:39:41: TPLUS(00000000)/0/WRITE/55F31F34: Started 5 sec timeout
Nov 18 07:39:41: TPLUS(00000000)/0/WRITE: wrote entire 27 bytes request
Nov 18 07:39:41: TPLUS(00000000)/0/READ: socket event 1
Nov 18 07:39:41: TPLUS(00000000)/0/READ: read entire 12 header bytes (expect 6 bytes data)
Nov 18 07:39:41: TPLUS(00000000)/0/READ: socket event 1
Nov 18 07:39:41: TPLUS(00000000)/0/READ: read entire 18 bytes response
Nov 18 07:39:41: TPLUS(00000000)/0/55F31F34: Processing the reply packet
Nov 18 07:39:41: TPLUS: Received authen response status PASS (2)
Nov 18 07:39:41: AAA/AUTHOR (00000000): Method list id=0 not configured. Skip author
Nov 18 07:39:42: AAA/AUTHOR: auth_need : user= 'user1' ruser= 'r17609'rem_addr= 'xxx.xxx.xxx.xxx' priv= 0 list= '' AUTHOR-TYPE= 'commands'
Nov 18 07:39:42: AAA: parse name=tty1 idb type=-1 tty=-1
Nov 18 07:39:42: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0
Nov 18 07:39:42: AAA/MEMORY: create_user (0x776722A4) user='user1' ruser='NULL' ds0=0 port='tty1' rem_addr='xxx.xxx.xxx.xxx' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
Nov 18 07:39:42: AAA/AUTHEN/START (2568611223): port='tty1' list='' action=LOGIN service=ENABLE
Nov 18 07:39:42: AAA/AUTHEN/START (2568611223): non-console enable - default to enable password
Nov 18 07:39:42: AAA/AUTHEN/START (2568611223): Method=ENABLE
Nov 18 07:39:42: AAA/AUTHEN (2568611223): status = GETPASS
Nov 18 07:39:48: AAA/AUTHEN/CONT (2568611223): continue_login (user='(undef)')
Nov 18 07:39:48: AAA/AUTHEN (2568611223): status = GETPASS
Nov 18 07:39:48: AAA/AUTHEN/CONT (2568611223): Method=ENABLE
Nov 18 07:39:48: AAA/AUTHEN (2568611223): status = PASS
Nov 18 07:39:48: AAA/MEMORY: free_user (0x776722A4) user='NULL' ruser='NULL' port='tty1' rem_addr='xxx.xxx.xxx.xxx' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0) -
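The AAA debug output in the TACACS+ thread above can be read mechanically. The following added example (not code from the thread) parses such a capture and reports three things the post's lines show: the login passed via TACACS+, no authorization method list was applied, and the enable step defaulted to the local enable password. The sample is a shortened, constructed copy of the post's debug lines, and the function names are hypothetical.

```python
"""Summarize an IOS AAA/TACACS+ debug capture: why was the enable password asked?"""
import re

PICK_LIST = re.compile(r"AAA/AUTHEN/LOGIN \(\w+\): Pick method list '([^']*)'")
TPLUS_STATUS = re.compile(r"TPLUS: Received authen response status (\w+)")
AUTHOR_SKIP = re.compile(r"AAA/AUTHOR \(\w+\): Method list id=\d+ not configured")
ENABLE_START = re.compile(r"AAA/AUTHEN/START \((\d+)\): .*service=ENABLE")
ENABLE_DEFAULT = re.compile(
    r"AAA/AUTHEN/START \((\d+)\): non-console enable - default to enable password")
METHOD = re.compile(r"AAA/AUTHEN/(?:START|CONT) \((\d+)\): Method=(\w+)")
STATUS = re.compile(r"AAA/AUTHEN \((\d+)\): status = (\w+)")

# Constructed sample: a shortened copy of the debug lines quoted in the post.
SAMPLE_DEBUG = """\
Nov 18 07:39:35: AAA/AUTHEN/LOGIN (00000000): Pick method list 'default'
Nov 18 07:39:35: TPLUS: Received authen response status GET_USER (7)
Nov 18 07:39:37: TPLUS: Received authen response status GET_PASSWORD (8)
Nov 18 07:39:41: TPLUS: Received authen response status PASS (2)
Nov 18 07:39:41: AAA/AUTHOR (00000000): Method list id=0 not configured. Skip author
Nov 18 07:39:42: AAA/AUTHEN/START (2568611223): port='tty1' list='' action=LOGIN service=ENABLE
Nov 18 07:39:42: AAA/AUTHEN/START (2568611223): non-console enable - default to enable password
Nov 18 07:39:42: AAA/AUTHEN/START (2568611223): Method=ENABLE
Nov 18 07:39:42: AAA/AUTHEN (2568611223): status = GETPASS
Nov 18 07:39:48: AAA/AUTHEN/CONT (2568611223): Method=ENABLE
Nov 18 07:39:48: AAA/AUTHEN (2568611223): status = PASS
"""


def summarize(debug_text):
    """Extract the login and enable decisions from a debug capture."""
    s = {"login_list": None, "tacacs_status": None, "author_skipped": False,
         "enable_session": None, "enable_defaulted": False,
         "enable_method": None, "enable_status": None}
    for line in debug_text.splitlines():
        if m := PICK_LIST.search(line):
            s["login_list"] = m.group(1)
        if m := TPLUS_STATUS.search(line):
            s["tacacs_status"] = m.group(1)      # last status seen wins
        if AUTHOR_SKIP.search(line):
            s["author_skipped"] = True
        if m := ENABLE_START.search(line):
            s["enable_session"] = m.group(1)
        if ENABLE_DEFAULT.search(line):
            s["enable_defaulted"] = True
        # Method and status lines count only for the enable session.
        if (m := METHOD.search(line)) and m.group(1) == s["enable_session"]:
            s["enable_method"] = m.group(2)
        if (m := STATUS.search(line)) and m.group(1) == s["enable_session"]:
            s["enable_status"] = m.group(2)
    return s


def findings(s):
    """Turn a summary into short statements for the operator."""
    out = []
    if s["tacacs_status"] == "PASS":
        out.append(f"login authenticated by TACACS+ (method list '{s['login_list']}')")
    if s["author_skipped"]:
        out.append("no authorization method list was applied after login "
                   "(method lists of this kind come from 'aaa authorization exec')")
    if s["enable_defaulted"]:
        out.append("enable fell back to the local enable password "
                   "(enable method lists come from 'aaa authentication enable')")
    return out


if __name__ == "__main__":
    for item in findings(summarize(SAMPLE_DEBUG)):
        print("-", item)
```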
ROMMON Password Recovery for 803 Router
Hello Netpros.
Whilst attempting to perform a standard enable password recovery on an 803 router, I discovered that a ROMMON password had been set. This had the significant disadvantage in that I could not set the config register to bypass the configuration on startup using the set command.
I've browsed Google and this site and there seems to be some reference to a cookie and/or priv command that may assist with resetting a ROMMON password but this particular router does not seem to understand either of these commands whilst in disable mode.
Excerpt follows:
TinyROM version 1.0(2)
Mon Nov 02 17:14:21 1998
Copyright (c) 1998 by cisco Systems, Inc.
All rights reserved.
POST ......... OK. 8MB DRAM, 8MB Flash.
Booting up ..
auto-boot: failed, "user abort"
boot> set
set baud =9600
set data-bits =8
set parity =none
set stop-bits =1
set console-flags =0
set mac-address =0050.7377.4CCA
set unit-ip =0.0.0.0
set serv-ip =0.0.0.0
set netmask =0.0.0.0
set gate-ip =0.0.0.0
set pkt-timeout =8
set tftp-timeout =16
set boot-action =flash
set file-name ="c800-g3-mw.120-1.XB1"
set watchdog =off
set prompt ="boot"
set ios-conf =0x2102
boot> set ios-conf = 0x142
ios-conf: failed, "permission denied"
boot> en
password:
enable: failed, "permission denied"
boot> en
password:
enable: failed, "permission denied"
boot> cookie
cookie: failed, "command not found"
boot> priv
priv: failed, "command not found"
Hope one of you guys can help.
Adrian
Hi,
Yes, if you get this boot prompt with the ">" and not "#" that means some joker set a ROMMON password without reading the documentation what is the impact of that (and not documenting it as well). You have to contact Cisco TAC to clear that password, it's not written in any documentation how to clear it.
Regards,
Dandy -
Came into a situation where it is needed to recover a lost admin password for the fabric interconnects. Because the password is lost, we are unable to clean shutdown any of the blades and such. Not an ideal situation, but it's what I have to deal with.
I've read through the CLI guide and I'm familiar with the process to recover a password and having to reboot both fabric interconnects essentially bringing down any connectivity, but what exactly are the effects going to be?
Obviously upstream network connectivity will be lost so the VM hosts and VMs living inside the B-Series will be isolated, but will the IOMs/blades do anything crazy because they lost connectivity to the fabric? I realize that since the FIs go down the storage paths will be lost. Anything else I should worry about?
Hi,
I have done just a few of these, but normally you have to delete the database to be prompted to configure the fabric again; this might mean deleting Service Profiles and other configurations.
Here is a great post from a colleague that can help you do the recovery:
http://jeffsaidso.com/2011/10/password-recovery-in-cisco-ucs/
Maybe someone else in this forum can provide another way to do it without losing everything, or you can also open a TAC case.
Rate All helpful answers.
-Kenny -
Cisco Secure ACS with UCP assistance and enable password
I am running Cisco Secure ACS version 4.2 running on a
Standalone Windows 2003 Enterprise 2003 with the latest
windows service pack and update. Secure ACS is running
fine and I can authenticate with Cisco routers and
switches. The Windows 2003 server is also running Microsoft
IIS Server. In other words, the IIS server and Cisco
Secure ACS is running on the same windows 2003 server.
I am trying to get Cisco User-Changeable password to work
with Cisco Secure ACS. I followed the release notes line
by line and the workaround provided below:
Also server require more privileges for the internal windows user that runs CSusercgi.exe.
The name of the windows user that runs UCP is IUSR_<machine_name>.
Workaround steps:
1) Install UCP 4 on a machine that runs IIS server.
2) Open IIS manager
3) Locate Default Web Site
4) Double click on the virtual name 'securecgi-bin'
5) Right click on CSusercgi.exe and choose Properties
6) Choose 'File Security' tab
7) Choose 'Edit' in 'Authentication and access control' area
8) Change username from IUSR_<machine_name> to 'Administrator' and enter his
password (make sure that 'Integrated Windows authentication' is checked)
I still can NOT get this to work. I got this error:
It says:
The page cannot be found
The page you are looking for might have been removed,
had its name changed, or is temporarily unavailable.
HTTP Error 404 - File or directory not found.
Internet Information Services (IIS)
I modified everything in the Windows 2003 to be "ALLOWED" by
EVERYONE. In other words, there are NO security on the windows 2003.
It is still NOT working.
The other question I have is that can Cisco UCP allow user
to change his/her enable password?
Can someone help? Thanks.
Yes bastien,
Thank you.
But one more thing I want to know: in its redundant AAA server, when I try to open IIS 6.0 on Windows 2003, it prompts for a username and password.
I've given it several times, also going through the Administrator account with administrative credentials, but it always failed.
Any suggestions/solutions?
This time many thanks in advance.
Regards
Mehdi Raza -
Configuring wired 802.1x with Cisco 2950 and NPS 2012 problem
Hi,
I am trying to setup wired authentication on my corporate network. For testing purposes, I have setup a Cisco 2950 switch for RADIUS authentication.
On the first day of the test, access messages were appearing in the event log of the 2012 Server (Network Policy and Access Services) and we were trying to address the issues with EAP and policy.
Then, suddenly no events are written to the event log for the wired authentication. Accounting data is written to the log file at c:\windows\system32\logfiles, but nothing happens on the event log as if the NPS is not answering. We are using the same server for wireless 802.1x and all is working fine.
Checking the wired autoconfig log on the client, Restart Reason : Onex Auth Timeout appears.
Logging seems to be configured properly, there are no entries in event log. Below is the debug information from the 2950 switch;
KAT2-BATISW1#
00:18:28: dot1x-registry:dot1x_port_linkchange invoked on interface FastEthernet0/17
00:18:28: dot1x-registry:dot1x_port_linkcomingup invoked on interface FastEthernet0/17
00:18:28: dot1x-ev:dot1x_port_enable: set dot1x ask handler on interface FastEthernet0/17
00:18:28: dot1x-ev:dot1x_update_port_direction: Updating oper direction for Fa0/17 (admin=Both, current oper=Both)
00:18:28: dot1x-ev:dot1x_update_port_direction: New oper direction for Fa0/17 is Both
00:18:28: dot1x_auth Fa0/17: initial state auth_initialize has enter
00:18:28: dot1x-sm:Fa0/17:0000.0000.0000:auth_initialize_enter called
00:18:28: dot1x-ev:auth_initialize_enter:0000.0000.0000: Current ID=0
00:18:28: dot1x_auth Fa0/17: during state auth_initialize, got event 0(cfg_auto)
00:18:28: @@@ dot1x_auth Fa0/17: auth_initialize -> auth_disconnected
00:18:28: dot1x-sm:Fa0/17:0000.0000.0000:auth_disconnected_enter_action called
00:18:28: dot1x-sm:
dot1x_update_port_status called with port_status = DOT1X_PORT_STATUS_UNAUTHORIZED
00:18:28: dot1x-ev:dot1x_update_port_direction: Updating oper direction for Fa0/17 (admin=Both, current oper=Both)
00:18:28: dot1x-ev:dot1x_update_port_direction: New oper direction for Fa0/17 is Both
00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEthernet0/17
00:18:28: dot1x-ev:dot1x_update_port_status: Called with host_mode=0 state UNAUTHORIZED
00:18:28: dot1x-ev:dot1x_update_port_status: using mac 0000.0000.0000 to send port to unauthorized on vlan 0
00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:18:28: dot1x-ev:dot1x_port_unauthorized: Host-mode=0 radius/guest vlan=0 on FastEthernet0/17
00:18:28: dot1x-ev: GuestVlan configured=0
00:18:28: dot1x-ev:supplicant 0000.0000.0000 is default
00:18:28: dot1x-ev:supplicant 0000.0000.0000 is last
00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:18:28: dot1x-ev:0000.0000.0000 is now unauthorized on port FastEthernet0/17
00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEthernet0/17
00:18:28: dot1x-ev:Enter function dot1x_aaa_acct_end
00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:18:28: dot1x_auth Fa0/17: idle during state auth_disconnected
00:18:28: @@@ dot1x_auth Fa0/17: auth_disconnected -> auth_connecting
00:18:28: dot1x-sm:Fa0/17:0000.0000.0000:auth_connecting_enter called
00:18:28: dot1x_bend Fa0/17: initial state dot1x_bend_initialize has enter
00:18:28: dot1x-sm:Dot1x Initialize State Entered
00:18:28: dot1x_bend Fa0/17: initial state dot1x_bend_initialize has idle
00:18:28: dot1x_bend Fa0/17: during state dot1x_bend_initialize, got event 1
6383(idle)
00:18:28: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
00:18:28: dot1x-sm:Dot1x Idle State Entered
00:18:28: dot1x-ev:Created port supplicant block 0000.0000.0000 expected_id=0 cu
rrent_id=0
00:18:28: dot1x-ev:dot1x_init_sb_oper_info:Default port supplicant at memloc 80D
71C74
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
FastEthernet0/17
00:18:28: dot1x-ev:
dot1x_post_message_to_auth_sm:0000.0000.0000: Sending TX_FAIL
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm:0000.0000.0000: Current ID=1
00:18:28: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
00:18:28: dot1x-packet:Tx EAP-Failure, id 0, ver 1, len 4 (Fa0/17)
00:18:28: dot1x-registry:registry:dot1x_ether_macaddr called
00:18:28: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
FastEthernet0/17
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
000.0000.0000
00:18:28: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
00:18:28: dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/17)
00:18:28: dot1x-registry:registry:dot1x_ether_macaddr called
00:18:28: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
00:18:28: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:18:28: dot1x-packet:Rx EAP-Response(Id), id 1, ver 1, len 21 (Fa0/17)
00:18:28: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:18:28: dot1x-ev:Couldn't find a supplicant block for mac 0024.1d10.d7c5
00:18:28: dot1x-ev:Couldn't find a supplicant block for mac 0024.1d10.d7c5
00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:18:28: dot1x_auth Fa0/17: initial state auth_initialize has enter
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_initialize_enter called
00:18:28: dot1x-ev:auth_initialize_enter:0024.1d10.d7c5: Current ID=0
00:18:28: dot1x_auth Fa0/17: during state auth_initialize, got event 0(cfg_a
uto)
00:18:28: @@@ dot1x_auth Fa0/17: auth_initialize -> auth_disconnected
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_disconnected_enter_action called
00:18:28: dot1x-sm:
dot1x_update_port_status called with port_status = DOT1X_PORT_STATUS_UNAUTHORIZE
D
00:18:28: dot1x-ev:dot1x_update_port_direction: Updating oper direction for Fa0/
17 (admin=Both, current oper=Both)
00:18:28: dot1x-ev:dot1x_update_port_direction: New oper direction for Fa0/17 is
Both
00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
hernet0/17
00:18:28: dot1x-ev:dot1x_update_port_status: Called with host_mode=0 state UNAUT
HORIZED
00:18:28: dot1x-ev:dot1x_update_port_status: using mac 0024.1d10.d7c5 to send po
rt to unauthorized on vlan 0
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:dot1x_port_unauthorized: Host-mode=0 radius/guest vlan=0 on F
astEthernet0/17
00:18:28: dot1x-ev: GuestVlan configured=0
00:18:28: dot1x-ev:supplicant 0024.1d10.d7c5 is last
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:0024.1d10.d7c5 is now unauthorized on port FastEthernet0/17
00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
hernet0/17
00:18:28: dot1x-ev:Enter function dot1x_aaa_acct_end
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x_auth Fa0/17: idle during state auth_disconnected
00:18:28: @@@ dot1x_auth Fa0/17: auth_disconnected -> auth_connecting
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_enter called
00:18:28: dot1x_bend Fa0/17: initial state dot1x_bend_initialize has enter
00:18:28: dot1x-sm:Dot1x Initialize State Entered
00:18:28: dot1x_bend Fa0/17: initial state dot1x_bend_initialize has idle
00:18:28: dot1x_bend Fa0/17: during state dot1x_bend_initialize, got event 1
6383(idle)
00:18:28: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
00:18:28: dot1x-sm:Dot1x Idle State Entered
00:18:28: dot1x-ev:Created port supplicant block 0024.1d10.d7c5 expected_id=1 cu
rrent_id=1
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
FastEthernet0/17
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
FastEthernet0/17
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
024.1d10.d7c5
00:18:28: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
00:18:28: dot1x-packet:Tx EAP-Request(Id), id 0, ver 1, len 5 (Fa0/17)
00:18:28: dot1x-registry:registry:dot1x_ether_macaddr called
00:18:28: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
00:18:28: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:18:28: dot1x-packet:Rx EAP-Response(Id), id 0, ver 1, len 21 (Fa0/17)
00:18:28: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x_auth Fa0/17: during state auth_connecting, got event 7(rxRes
pId)
00:18:28: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_authenticating
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_exit alled
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_enter called
00:18:28: dot1x-ev:sending AUTH_START to BEND for supp_info=80D7E584
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_authenticating_action c
alled
00:18:28: dot1x-ev:Received AuthStart from Authenticator for supp_info=80D7E584
00:18:28: dot1x_bend Fa0/17: during state dot1x_bend_idle, got event 1(auth_
start)
00:18:28: @@@ dot1x_bend Fa0/17: dot1x_bend_idle -> dot1x_bend_response
00:18:28: dot1x-sm:Dot1x Response State Entered for supp_info=80D7E584 hwidb=807
D353C, swidb=807D4898 on intf=Fa0/17
00:18:28: dot1x-ev:Managed Timer in sub-block attached as leaf to master
00:18:28: dot1x-sm:Started the ServerTimeout Timer
00:18:28: dot1x-ev:Going to Send Request to AAA Client on RP for id = 0 and leng
th = 21
00:18:28: dot1x-ev:Got a Request from SP to send it to Radius with id 4294967283
00:18:28: dot1x-ev:Couldn't Find a process thats already handling the request fo
r this id 0
00:18:28: dot1x-ev:Inserted AAA request for interface FastEthernet0/17, MAC 0024
.1d10.d7c5, VLAN 0 on pending request queue
00:18:28: dot1x-ev:Found a free slot at slot 0
00:18:28: dot1x-ev:Found a free slot at slot 0
00:18:28: dot1x-ev:Processing AAA request for interface FastEthernet0/17, MAC 00
24.1d10.d7c5, VLAN 0 from pending request queue
00:18:28: dot1x-ev:Request id = -13 and length = 21
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:The Interface on which we got this AAA Request is FastEtherne
t0/17
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:Username is DUZEY\SAYTAMANER
00:18:28: dot1x-ev:MAC Address is 0024.1d10.d7c5
00:18:28: dot1x-ev:RemAddr is 00-24-1D-10-D7-C5/00-0F-24-E9-72-D1
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:30: %LINK-3-UPDOWN: Interface FastEthernet0/17, changed state to up
00:18:46: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:18:46: dot1x-packet:Rx EAPOL-Start, ver 1, len 0 (Fa0/17)
00:18:46: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:46: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
00:18:46: dot1x_auth Fa0/17: during state auth_authenticating, got event 4(e
apStart)
00:18:46: @@@ dot1x_auth Fa0/17: auth_authenticating -> auth_aborting
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_aborting_enter called
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_aborting_action cal
led
00:18:46: dot1x-ev:Received DOT1X_MSG_AUTH_ABORT: setting msg_id = 0
00:18:46: dot1x_bend Fa0/17: during state dot1x_bend_response, got event 5(i
nitialize)
00:18:46: @@@ dot1x_bend Fa0/17: dot1x_bend_response -> dot1x_bend_initialize
00:18:46: dot1x-sm:Dot1x Initialize State Entered
00:18:46: dot1x_bend Fa0/17: idle during state dot1x_bend_initialize
00:18:46: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
00:18:46: dot1x-sm:Dot1x Idle State Entered
00:18:46: dot1x_auth Fa0/17: during state auth_aborting, got event 16(noauth
Abort_noeapLogoff)
00:18:46: @@@ dot1x_auth Fa0/17: auth_aborting -> auth_connecting
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_enter called
00:18:46: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
024.1d10.d7c5
00:18:46: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
00:18:46: dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/17)
00:18:46: dot1x-registry:registry:dot1x_ether_macaddr called
00:18:46: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
00:18:46: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:18:46: dot1x-packet:Rx EAP-Response(Id), id 1, ver 1, len 21 (Fa0/17)
00:18:46: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:46: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
00:18:46: dot1x_auth Fa0/17: during state auth_connecting, got event 7(rxRes
pId)
00:18:46: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_authenticating
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_exit alled
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_enter called
00:18:46: dot1x-ev:sending AUTH_START to BEND for supp_info=80D7E584
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_authenticating_action c
alled
00:18:46: dot1x-ev:Received AuthStart from Authenticator for supp_info=80D7E584
00:18:46: dot1x_bend Fa0/17: during state dot1x_bend_idle, got event 1(auth_
start)
00:18:46: @@@ dot1x_bend Fa0/17: dot1x_bend_idle -> dot1x_bend_response
00:18:46: dot1x-sm:Dot1x Response State Entered for supp_info=80D7E584 hwidb=807
D353C, swidb=807D4898 on intf=Fa0/17
00:18:46: dot1x-ev:Managed Timer in sub-block attached as leaf to master
00:18:46: dot1x-sm:Started the ServerTimeout Timer
00:18:46: dot1x-ev:Going to Send Request to AAA Client on RP for id = 1 and leng
th = 21
00:18:46: dot1x-ev:Got a Request from SP to send it to Radius with id 4294967284
00:18:46: dot1x-ev:Found a process thats already handling therequest for this id
1
00:18:48: dot1x-err:Dot1x Authentication failed (AAA_AUTHEN_STATUS_ERROR)
00:18:48: dot1x-ev:Received VLAN is No Vlan
00:18:48: dot1x-ev:Enqueued the response to BackEnd
00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:48: dot1x-ev:Enter function dot1x_aaa_acct_end
00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:48: dot1x-ev:Received QUEUE EVENT in response to AAA Request
00:18:58: dot1x-sm:Fa0/17:0000.0000.0000:dot1x_process_txWhen_expire called
00:18:58: dot1x_auth Fa0/17: during state auth_connecting, got event 19(txWh
en_expire)
00:18:58: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_connecting
00:18:58: dot1x-sm:Fa0/17:0000.0000.0000:auth_connecting_connecting_action calle
d
00:18:58: dot1x-ev:dot1x_post_message_to_auth_sm: Skipping tx for req_id for def
ault supplicant
00:19:07: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:19:07: dot1x-packet:Rx EAPOL-Start, ver 1, len 0 (Fa0/17)
00:19:07: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
00:19:07: dot1x_auth Fa0/17: during state auth_authenticating, got event 4(e
apStart)
00:19:07: @@@ dot1x_auth Fa0/17: auth_authenticating -> auth_aborting
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_aborting_enter called
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_aborting_action cal
led
00:19:07: dot1x-ev:Received DOT1X_MSG_AUTH_ABORT: setting msg_id = 0
00:19:07: dot1x_bend Fa0/17: during state dot1x_bend_response, got event 5(i
nitialize)
00:19:07: @@@ dot1x_bend Fa0/17: dot1x_bend_response -> dot1x_bend_initialize
00:19:07: dot1x-sm:Dot1x Initialize State Entered
00:19:07: dot1x_bend Fa0/17: idle during state dot1x_bend_initialize
00:19:07: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
00:19:07: dot1x-sm:Dot1x Idle State Entered
00:19:07: dot1x_auth Fa0/17: during state auth_aborting, got event 16(noauth
Abort_noeapLogoff)
00:19:07: @@@ dot1x_auth Fa0/17: auth_aborting -> auth_connecting
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_enter called
00:19:07: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
024.1d10.d7c5
00:19:07: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
00:19:07: dot1x-packet:Tx EAP-Request(Id), id 2, ver 1, len 5 (Fa0/17)
00:19:07: dot1x-registry:registry:dot1x_ether_macaddr called
00:19:07: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
00:19:07: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:19:07: dot1x-packet:Rx EAP-Response(Id), id 2, ver 1, len 21 (Fa0/17)
00:19:07: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
00:19:07: dot1x_auth Fa0/17: during state auth_connecting, got event 7(rxRes
pId)
00:19:07: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_authenticating
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_exit alled
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_enter called
00:19:07: dot1x-ev:sending AUTH_START to BEND for supp_info=80D7E584
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_authenticating_action c
alled
00:19:07: dot1x-ev:Received AuthStart from Authenticator for supp_info=80D7E584
00:19:07: dot1x_bend Fa0/17: during state dot1x_bend_idle, got event 1(auth_
start)
00:19:07: @@@ dot1x_bend Fa0/17: dot1x_bend_idle -> dot1x_bend_response
00:19:07: dot1x-sm:Dot1x Response State Entered for supp_info=80D7E584 hwidb=807
D353C, swidb=807D4898 on intf=Fa0/17
00:19:07: dot1x-ev:Managed Timer in sub-block attached as leaf to master
00:19:07: dot1x-sm:Started the ServerTimeout Timer
00:19:07: dot1x-ev:Going to Send Request to AAA Client on RP for id = 2 and leng
th = 21
00:19:07: dot1x-ev:Got a Request from SP to send it to Radius with id 4294967285
00:19:07: dot1x-ev:Couldn't Find a process thats already handling the request fo
r this id 2
00:19:07: dot1x-ev:Inserted AAA request for interface FastEthernet0/17, MAC 0024
.1d10.d7c5, VLAN 0 on pending request queue
00:19:07: dot1x-ev:Found a free slot at slot 0
00:19:07: dot1x-ev:Found a free slot at slot 0
00:19:07: dot1x-ev:Processing AAA request for interface FastEthernet0/17, MAC 00
24.1d10.d7c5, VLAN 0 from pending request queue
00:19:07: dot1x-ev:Request id = -11 and length = 21
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:The Interface on which we got this AAA Request is FastEtherne
t0/17
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:Username is DUZEY\SAYTAMANER
00:19:07: dot1x-ev:MAC Address is 0024.1d10.d7c5
00:19:07: dot1x-ev:RemAddr is 00-24-1D-10-D7-C5/00-0F-24-E9-72-D1
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:19: dot1x-registry:dot1x_port_linkchange invoked on interface FastEthernet
0/17
00:19:19: dot1x-ev:supp_info=80D7E584 txWhen_timer=80D7E5D4 quietWhile_timer=80D
7E594reAuthWhen_timer=80D7E5B4 awhile_timer=80D7E5F4
00:19:19: dot1x-ev:destroy supplicant block for 0024.1d10.d7c5
00:19:19: dot1x-ev:supp_info=80D71C74 txWhen_timer=80D71CC4 quietWhile_timer=80D
71C84reAuthWhen_timer=80D71CA4 awhile_timer=80D71CE4
00:19:19: dot1x-ev:destroy supplicant block for 0000.0000.0000
00:19:19: dot1x-ev:Enter function dot1x_aaa_acct_end
00:19:19: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:19:19: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:19:19: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
hernet0/17
00:19:19: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
This is driving me crazy, working on it for a whole week and no results..
Thank you..
Hi again,
I have put the config on 2960. Now as soon as the authentication starts, this is the message on debug:
dot1x authentication unable to start - authenticator not enabled..
Any ideas?
regards,
onur -
Log into Device with AAA, how do I get right into enable mode?
I am using a Cisco ACS server with an RSA server behind it. When the user is authenticated from the ACS server, I want them to go straight into enable mode, not have to type the enable mode password. What line am I missing?
aaa authentication login ACS group ACS_servers local enable
aaa authorization exec ACS group ACS_servers local
aaa authorization commands 15 ACS group ACS_servers local
aaa accounting commands 1 default start-stop group ACS_servers
aaa accounting commands 15 default start-stop group ACS_servers
line vty 0 5
 login authentication ACS
 authorization commands 15 ACS
The configuration in question is for telnet, but I do need to design my new console access connection. Console access would be either remotely or on-site, but I don't feel comfortable giving priv 15 right into it. I plan to use the same authentication method on the console (ACS group 1st, local database 2nd) and will just have to enter the enable password through the console.
One more question on the aaa config, I kept getting this error in the log:
AAA/AUTHOR: config command authorization not enabled
So I added:
aaa authorization config-commands
I don't know if it was needed because I could still execute config-commands, but it kept giving me that warning if I didn't have that line.
Also, do I really need this line if the ACS server is taking care of priv 15 authorization:
aaa authorization commands 15 ACS if-authenticated -
Hey,
I am trying to change the enable password on a Cisco ASA 5510. I run enable password <password>. I log off, log back in with my username/password and type en; it asks for a password and I enter the password that I just set, but it does not work.
What am I missing?
Thanks
Are you using the local user database or a TACACS or RADIUS server to authenticate?
If using a TACACS or RADIUS server, enter your user password when you type enable. If that doesn't work, disconnect the TACACS or RADIUS server and try to enter the enable password you created.
If using the local user database, are you sure that you are entering the password correctly? Perhaps you typed it incorrectly when creating it and accidentally put a space at the beginning or end?
If none of the above work then you will need to perform a password recovery:
1. Reboot your ASA
2. Press the Esc key to enter ROMMON mode when prompted
3. Change the configuration register value to 0x41 by using the command confreg 0x41
4. To tell the ASA to ignore the startup configuration, issue the command confreg
Current Configuration Register: 0x00000041
Configuration Summary:
boot default image from Flash
ignore system configuration
Do you wish to change this configuration? y/n [n]: y
5. At the prompt enter Y
6. Accept all default values when prompted
7. Reload the ASA by entering the command boot
8. When prompted enter enable and leave the password blank
9. Issue the command copy start run
10. Enter configuration mode configure terminal
11. Enter the command no config-register (the value is returned to its default value of 0x1)
12. Save your configuration copy run start
Please remember to rate and select a correct answer -
No service password recovery command on cisco 2801 router
Hi,
We have a Cisco 2801 router in class which has password recovery disabled. We tried almost everything; we cannot get into ROMmon and the break sequence doesn't work in any program (HyperTerminal, PuTTY, Tera Term Pro). We don't have any idea how to solve this problem.
Here is the log from HyperTerminal:
System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2004 by cisco Systems, Inc.
PLD version 0x10
GIO ASIC version 0x127
c2801 processor with 131072 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled
Readonly ROMMON initialized
PASSWORD RECOVERY FUNCTIONALITY IS DISABLED
program load complete, entry point: 0x8000f000, size: 0xc100
Initializing ATA monitor library.......
program load complete, entry point: 0x8000f000, size: 0xc100
Initializing ATA monitor library.......
program load complete, entry point: 0x8000f000, size: 0xd49718
Self decompressing the image : #################################################
######## [OK]
--- TRIED BREAK SEQUENCE HERE but nothing happens ---
Smart Init is enabled
smart init is sizing iomem
ID MEMORY_REQ TYPE
0X003AA110 public buffer pools
0X00211000 public particle pools
0X0013 0X00035000 Card in slot 1
0X000021B8 Onboard USB
If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.
Allocating additional 7692663 bytes to IO Memory.
PMem allocated: 117440512 bytes; IOMem allocated: 16777216 bytes
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, 2801 Software (C2801-IPBASE-M), Version 12.4(1c), RELEASE SO
FTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 26-Oct-05 08:42 by evmiller
Image text-base: 0x6007ECA0, data-base: 0x61480000
--- TRIED BREAK SEQUENCE HERE but nothing happens too ---
Port Statistics for unclassified packets is not turned on.
Cisco 2801 (revision 6.0) with 114688K/16384K bytes of memory.
Processor board ID FCZ102422KK
2 FastEthernet interfaces
2 Low-speed serial(sync/async) interfaces
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)
Press RETURN to get started!
Thanks for help!
I usually suffer from the same issue, but what works for me every time is the other method that simulates the break sequence. Can't find the documentation for it but this is how it goes:
Set the serial connection as follows in PuTTY:
Baud rate 1200
1 stop bit
8 data bits
no parity
no flow control
Turn off your router, then turn it back on and immediately press the spacebar for about 10-15 seconds. All you'll see is gibberish. After that, reset your console connection settings to the usual 9600 baud rate, and you'll find yourself in rommon mode. -
Cisco ISG Integration with AAA & Policy Server
Hi,
We are integrating Cisco ISG (IOS XE - ASR1001) with AAA and Policy Server. We have the two specific service provider requirements below.
1. TAL - Transparent Automatic Subscriber for a range of IPs or pool of IPs - how do we add such an identifier in Policy/Control Maps as an attribute handshake with AAA?
2. Different QoS enforcement for a single user based on day and night time. What logic should be used?
Note: The subscribers are from a wired network and DHCP controlled.
Please help, thanks in advance...
Bhavesh
Dear Bhavesh,
Try this; it is a working & tested policy for TAL & ISG ASR 1001.
QoS will work with the RADIUS request & will apply to online users with different plans.
class-map type traffic match-any PPPOE
 match access-group output name PPPOE-out
 match access-group input name PPPOE-in
class-map type control match-any TAL
 match source-ip-address 30.30.30.0 255.255.255.0
class-map type control match-all IP_UNAUTH_COND
 match timer IP_UNAUTH_TIMER
 match authen-status unauthenticated
class-map type control match-all PPPOE-CON
 match media ether
 match authen-status unauthenticated
 match protocol ppp
policy-map type control PPPOE-USR
 class type control always event timed-policy-expiry
  10 service disconnect
 class type control always event account-logoff
  10 service disconnect delay 2
 class type control always event quota-depleted
  10 set-param drop-traffic TRUE
 class type control always event session-start
  10 authenticate aaa list PPP-USR
 class type control always event service-start
  20 service-policy type service identifier service-name
 class type control always event service-stop
  1 service-policy type service unapply identifier service-name
policy-map type control TAL_IP_POLICY_RULE
 class type control IP_UNAUTH_COND event timed-policy-expiry
  10 service disconnect
 class type control TAL event account-logoff
  10 service disconnect delay 5
 class type control TAL event session-start
  30 authorize aaa list AAA-STATIC password cisco identifier source-ip-address
  50 set-timer IP_UNAUTH_TIMER 5
 class type control TAL event session-restart
  30 authorize aaa list AAA-STATIC password cisco identifier source-ip-address
  50 set-timer IP_UNAUTH_TIMER 5
 class type control TAL event quota-depleted
  10 set-param drop-traffic TRUE
 class type control TAL event service-start
  10 service-policy type service identifier service-name
bba-group pppoe global
 virtual-template 1
interface GigabitEthernet0/0/0
 ip address 10.10.10.2 255.255.255.0
 no ip proxy-arp
 negotiation auto
interface GigabitEthernet0/0/1
 ip address 30.30.30.1 255.255.255.0
 negotiation auto
 pppoe enable group global
 service-policy type control TAL_IP_POLICY_RULE
 ip subscriber routed
  initiator unclassified ip-address
interface GigabitEthernet0/0/2
 ip address 172.16.1.1 255.255.255.0
 negotiation auto
interface GigabitEthernet0/0/3
 no ip address
 shutdown
 negotiation auto
interface GigabitEthernet0/2/0
 no ip address
 shutdown
 negotiation auto
interface GigabitEthernet0/2/1
 no ip address
 shutdown
 negotiation auto
interface GigabitEthernet0/2/2
 no ip address
 shutdown
 negotiation auto
interface GigabitEthernet0/2/3
 no ip address
 shutdown
 negotiation auto
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
interface Virtual-Template1
 ip dhcp relay information trusted
 ip unnumbered GigabitEthernet0/0/1
 ip helper-address 10.10.10.1
 timeout absolute 43200 0
 peer default ip address dhcp
 ppp mtu adaptive
 ppp authentication pap
 ppp authorization PPP-USR
 service-policy type control PPPOE-USR
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.1.2
ip access-list extended DROP-in
 deny ip any any
ip access-list extended DROP-out
 deny ip any any
ip access-list extended PPPOE-in
 permit ip any any
ip access-list extended PPPOE-out
 permit ip any any
vishal lumbhani -
Old 1760 With password recovery disabled, no way to factory reset
Hi
I have an old 1760 router with Password Recovery Functionality Disabled.
I don't care about its actual configuration, I need a factory reset.
I followed the well-documented procedure:
Normal boot
Self decompressing the image : #################################################
################################################################ [OK]
Smart Init is disabled. IOMEM set to: 15
PMem allocated: 57042944 bytes; IOMem allocated: 10065920 bytes
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-SV8Y7-M), Version 12.3(6d), RELEASE SOFTWARE (fc1
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 15-Oct-04 03:46 by kellythw
Image text-base: 0x80008120, data-base: 0x81440804
Send break at this time , then :
Do you want to reset the router to factory default
configuration and proceed [y/n] ? y
Reset router configuration to factory default.
cisco 1760 (MPC860P) processor (revision 0x500) with 55706K/9830K bytes of memor
y.
Processor board ID FOC07450X9P (3881152211), with hardware revision 0000
MPC860P processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)
WARNING:
Executing this command will disable password recovery mechanism.
Do not execute this command without another plan for
password recovery.
Are you sure you want to continue? [yes/no]: y
The router boots up normally anyway, still with the original password unrecovered instead of a fresh factory default.
Any hint, please?
Thank you
Federico,
There is something quite strange going on but one thing has caught my attention in particular. This is a part of your transcript:
Send break at this time, then:
Do you want to reset the router to factory default
configuration and proceed [y/n] ? y
Reset router configuration to factory default.
cisco 1760 (MPC860P) processor (revision 0x500) with 55706K/9830K bytes of memory.
Processor board ID FOC07450X9P (3881152211), with hardware revision 0000
MPC860P processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)
WARNING:
Executing this command will disable password recovery mechanism.
Do not execute this command without another plan for
password recovery.
Are you sure you want to continue? [yes/no]: y
Notice that the first question is whether you want to erase the configuration - you respond with yes, and the router continues booting. The second question displayed clearly shows that the router continues loading the configuration file and in particular processes the no service password-recovery command.
What would happen if you answered with n to this second question, preventing the router from accepting the no password-recovery stored command? Could you reload the router afterwards and try the password recovery procedure again?
Also, if this router has a removable Flash card, would you be able to enter the ROMMON and set the configuration register to 0x2142 if you removed the card and tried booting the router?
Best regards,
Peter -
Try this:
enable secret 0 cisco
service password-encryption
The 5 in the command above says the password that follows is an encrypted password. After the service command the passwords should get encrypted in the configuration.
vel 5 with password ‘password’
#enable secret level 5 ?
0 Specifies an UNENCRYPTED password will follow
4 Specifies an SHA256 ENCRYPTED secret will follow
5 Specifies a MD5 ENCRYPTED secret will follow
LINE The UNENCRYPTED (cleartext) ‘enable’ secret
If I type in: switch# "enable secret 5 cisco"
and I exit out of global config mode and priv exec mode, and then I type in "enable", I get prompted for the password. I type in "cisco" and it asks for the password again, until finally it says "bad secrets". What did I do wrong?
However, if I type in "enable password cisco" and go back into "enable", I type in the password and I can get into priv exec mode no problem.
What's the problem?
This topic first appeared in the Spiceworks Community
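The type digits in the help output above decide how IOS reads the string after `enable secret`. As an added example (not part of the original posts), this Python audit checks the `enable` lines of a saved configuration and flags a type 5 entry whose string is not an MD5-crypt hash; the function names, verdict labels and sample configuration are constructed for illustration.

```python
import re

# IOS type 5 secrets are MD5-crypt strings: $1$<salt, up to 8 chars>$<22 chars>.
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

# enable {secret|password} [level N] [type-digit] STRING
ENABLE = re.compile(
    r"^enable\s+(?P<kind>secret|password)"
    r"(?:\s+level\s+(?P<level>\d+))?"
    r"(?:\s+(?P<type>\d)(?=\s+\S))?"   # a digit is a type only if a string follows
    r"\s+(?P<value>\S+)\s*$"
)

def check_line(line):
    """Return (kind, level, verdict) for an enable line, else None."""
    m = ENABLE.match(line.strip())
    if not m:
        return None
    kind, value = m["kind"], m["value"]
    level = int(m["level"] or 15)       # IOS default enable level is 15
    typ = m["type"] or "0"              # no digit: STRING is cleartext (LINE)
    if kind == "password":
        verdict = "weak-storage"        # kept as cleartext or reversible type 7
    elif typ == "0":
        verdict = "ok-cleartext-input"  # IOS hashes it when the command is entered
    elif typ == "5":
        # The string is taken as an existing hash, so a non-hash value
        # can never match a typed password.
        verdict = "ok-prehashed" if MD5_CRYPT.match(value) else "unusable-not-a-hash"
    elif typ == "4":
        verdict = "prehashed-format-unchecked"
    else:
        verdict = "unknown-type"
    return kind, level, verdict

def audit(config_text):
    """Check every enable line in a configuration; other lines are skipped."""
    results = (check_line(l) for l in config_text.splitlines())
    return [r for r in results if r is not None]

# Constructed sample configuration; the type 5 hash is a placeholder, not a real secret.
SAMPLE = """\
enable secret 5 cisco
enable secret 0 cisco
enable secret level 5 5 $1$SALT$AAAAAAAAAAAAAAAAAAAAAA
enable password cisco
service password-encryption
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```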