Cisco 1712: Can't "enable" any longer...

Answered Question
Feb 14th, 2007

After deleting the original user via SDM and creating a new one (privilege level 15, view name "SDM_Administrator (root)") I'm unable to use "enable" command via telnet any longer.

It asks me for a password, but neither the old nor the new one are working.

What can I do ?

I have this problem too.
0 votes
Correct Answer by stephen.stack about 9 years 7 months ago

Still looks like your enable secret password or telnet password is holding you out. Also, AAA is working as it should be. You need to go to site where the router is a follow the procedure in the document below. It is comprehensive and accurate. This works for a 1721 also, please read and understand before doing it.

http://www.cisco.com/en/US/products/hw/routers/ps259/products_password_recovery09186a0080094675.shtml

This will allow you to see the config that is stored on the router and then you will be able to decrypt the passwords.

HTH

Stephen

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
tobiaseichner Wed, 02/14/2007 - 12:28

Could I solve this issue by disabling AAA ? It is enabled for whatever reason (probably by default)... or do I open any security hole when disabling it ?

stephen.stack Thu, 02/15/2007 - 06:32

Hi again,

No problem with help.

It looks like you just need to use the telnet password. at the end of the config you posted on the other thread, at the end is line vty 0 4. under that is a password, if it is encrypted, then use this link to decrypt. http://users.skynet.be/glu/ciscopw.htm.

HTH > Please rate is it does!!!

Cheers

Stephen

tobiaseichner Thu, 02/15/2007 - 16:02

I was not aware that encrypted passwords are so easy to decode... anyway, it still fails (I tried this standard password over and over already). So this was the reason why I not thought about just viewing the config to reminding to the password ;-)

Here is the running config. There were some changes done to the original posted, so maybe I did a mistake there.

It does not fit into one message, so I have attached it.

Correct Answer
stephen.stack Fri, 02/16/2007 - 00:57

Still looks like your enable secret password or telnet password is holding you out. Also, AAA is working as it should be. You need to go to site where the router is a follow the procedure in the document below. It is comprehensive and accurate. This works for a 1721 also, please read and understand before doing it.

http://www.cisco.com/en/US/products/hw/routers/ps259/products_password_recovery09186a0080094675.shtml

This will allow you to see the config that is stored on the router and then you will be able to decrypt the passwords.

HTH

Stephen

tobiaseichner Fri, 02/16/2007 - 14:08

After reading the instructions you provided how to reset passwords, I decided to give SDM a last try and reset the enable password from there again.

I altered the enable password as well as the password of my SDM user account. Now I'm able to "enable" again, the password is accepted :-)

However I have no idea what caused this: I used the online tool you provided to me in your previous mail to decrypt the existing passwords. They were stored exactly as I typed them.

stephen.stack Fri, 02/16/2007 - 14:30

Hey,

Thats a bit odd. Maybe typed Passwords wrong, or whatever, but at least you sorted it. Thanks for letting me know how you did it, very clever :)

Thanks

Stephen

tobiaseichner Sat, 02/17/2007 - 05:28

> Thanks for letting me know how you did it, very clever :)

Not necessarily clever, but in the hope you had an idea why this happened ;-) I can really exclude typos, since I tried it surely a dozen times (no shift lock key pressed, too ;-)

Anyway, it works and I'm happy. When similar occurs again in the future, I know that simply replacing the password in SDM does the trick.

For being sure, I altered the passwords completely, since I tried to decode them all in the Java decoder on that website you provided to me (not sure how trusty this is).

Again, thank you for your help.

Actions

This Discussion