06-09-2008 06:05 AM - last edited on 03-25-2019 04:01 PM by ciscomoderator
Is there any way to get into the device when you don't have a local user defined and you have lost the TACACS server? I'm in the situation where I have lost the TACACS server and there is no local user defined in the device. I console into it and I get the username prompt, but the device is unable to talk to the TACACS server. I'm trying options other than doing a password recovery, which requires a reboot.
06-09-2008 06:10 AM
There are SNMP tools which can be used.
SolarWinds is one of them, where you can use the IP address of the device; the SNMP RW string is what you need to know.
With this you can pull the config of the device. You can then set a local username for console or vty as per your config, or remove the TACACS config, and log in to the device. This will be without any reboot.
06-09-2008 06:13 AM
Unfortunately there is no IP connectivity to the device. Can I push SNMP config through the console?
06-09-2008 06:17 AM
I am sorry, that would not be possible through the console.
06-09-2008 07:18 AM
Nawaz
If the console is prompting for a username to authenticate but there is no user defined, and if there is no IP connectivity so telnet is not possible, then I am not sure that there is any alternative to doing password recovery.
I am a little puzzled about the situation. You are reluctant to do password recovery because it requires a reboot, which would seem to indicate that it is a live, functioning router that you do not want to disturb. But if I understand the post right, there is no IP connectivity. How can there be no IP connectivity if it is a live, functioning router? Or how could there be no telnet capability if there is IP connectivity? Perhaps you could explain more about your situation?
HTH
Rick
06-09-2008 07:27 AM
I know it is an interesting situation; let me explain to you what happened. It is a layer 2 switch in VTP transparent mode and it is working fine, except I accidentally removed the management VLAN from the switch when trying to remove unused VLANs. Now I'm in the situation that I can't telnet/SSH to the switch because the management VLAN (VLAN 600) is not active in the switch, and therefore it is unable to talk to the TACACS server. I can't access it via console because it asks for the username/password and unfortunately no local user is defined. It is live and working because all the other VLANs are there.
06-09-2008 07:31 AM
Hi Nawaz,
Is there any IP address that has been configured for VLAN 1 or any other VLAN that you are able to ping from the network?
Have you also tried to log in from the switch or the router which is connected to it?
If you are able to ping any of the VLAN IP addresses from the local LAN, then there is a possibility of adding the command back using SNMP.
Let us know.
06-09-2008 07:46 AM
I wish there was, but there is only one IP address configured in this switch, which is the management IP in VLAN 600, and VLAN 600 is no longer there. I don't think I have any other option but to do the password recovery.
06-09-2008 07:52 AM
Nawaz
With that explanation it makes a lot of sense. If it is a layer 2 switch that is functioning to forward at layer 2 on user VLANs but does not have a management address, and if access through the console is prompting for a username, then I believe that your only option is password recovery.
HTH
Rick
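The lockout in this thread comes from three things lining up: a login method list with no `local` fallback, no local username to fall back to, and a management SVI whose VLAN was deleted from the VLAN database. The SNMP RW workaround suggested in the first reply only works because an RW community string grants full write access to the configuration, which is itself a risk worth flagging. The following script is an added example, not something posted in the thread: it audits an IOS-style running-config text for all four conditions. The sample configuration and the hostname, addresses and community string in it are constructed for illustration.

```python
import re

# Constructed sample running-config modelled on the thread's situation:
# TACACS-only login list, no local username, an SNMP RW community,
# and interface Vlan600 carrying the management IP while 'vlan 600'
# is absent from the VLAN database (it was removed by mistake).
SAMPLE_CONFIG = """\
hostname access-sw1
vtp mode transparent
vlan 10
 name users
vlan 20
 name printers
aaa new-model
aaa authentication login default group tacacs+
tacacs-server host 192.0.2.10
snmp-server community s3cr3t RW
interface Vlan600
 ip address 192.0.2.50 255.255.255.0
line con 0
 login authentication default
line vty 0 4
 login authentication default
"""

# Same config with the fixes applied: a local user with a placeholder secret,
# 'local' appended to the login list, VLAN 600 recreated, community made RO.
HARDENED_CONFIG = (
    SAMPLE_CONFIG
    .replace("aaa authentication login default group tacacs+",
             "username admin privilege 15 secret PLACEHOLDER_SECRET\n"
             "aaa authentication login default group tacacs+ local")
    .replace("vlan 20\n name printers\n",
             "vlan 20\n name printers\nvlan 600\n name mgmt\n")
    .replace("snmp-server community s3cr3t RW", "snmp-server community s3cr3t RO")
)

VLAN_RE = re.compile(r"^vlan (\d+)$")                       # VLAN database entry
LOGIN_RE = re.compile(r"^aaa authentication login (\S+) (.+)$")
SNMP_RW_RE = re.compile(r"^snmp-server community \S+ rw\b", re.IGNORECASE)
SVI_RE = re.compile(r"^interface vlan(\d+)$", re.IGNORECASE)


def audit_config(text):
    """Walk the config once and collect the facts relevant to lockout."""
    vlan_db = {1}            # VLAN 1 always exists on an IOS switch
    login_lists = {}         # list name -> ordered methods
    svis = {}                # SVI vlan id -> has an 'ip address' line
    local_user = False
    snmp_rw = False
    current_svi = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line.startswith(" "):
            current_svi = None              # back at global config level
            if VLAN_RE.match(line):
                vlan_db.add(int(VLAN_RE.match(line).group(1)))
            elif line.startswith("username "):
                local_user = True
            elif LOGIN_RE.match(line):
                name, methods = LOGIN_RE.match(line).groups()
                # "group tacacs+ local" -> ["tacacs+", "local"]
                login_lists[name] = re.sub(r"\bgroup\s+", "", methods).split()
            elif SNMP_RW_RE.match(line):
                snmp_rw = True
            elif SVI_RE.match(line):
                current_svi = int(SVI_RE.match(line).group(1))
                svis.setdefault(current_svi, False)
        elif current_svi is not None and line.strip().startswith("ip address "):
            svis[current_svi] = True
    default_methods = login_lists.get("default", [])
    return {
        "local_user_defined": local_user,
        "default_login_methods": default_methods,
        "local_fallback": "local" in default_methods,
        "snmp_rw_community": snmp_rw,
        # SVIs with an address whose VLAN is missing: they stay down, as in the thread
        "orphaned_svis": sorted(v for v, has_ip in svis.items()
                                if has_ip and v not in vlan_db),
    }


def lockout_warnings(audit):
    """Turn the audit facts into the warnings an operator should act on."""
    warnings = []
    if audit["default_login_methods"] and not audit["local_fallback"]:
        warnings.append("login list has no 'local' fallback: losing the AAA server "
                        "locks out console and vty")
    if not audit["local_user_defined"]:
        warnings.append("no local username configured: nothing to fall back to")
    for vid in audit["orphaned_svis"]:
        warnings.append(f"interface Vlan{vid} has an IP address but VLAN {vid} is not "
                        f"in the VLAN database, so the management path is down")
    if audit["snmp_rw_community"]:
        warnings.append("SNMP RW community present: the string alone allows config "
                        "changes; restrict it (ACL/view) or move to SNMPv3")
    return warnings


if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, lockout_warnings(audit_config(cfg)) or ["no findings"])
```

Run against the sample it reports all four findings; against the hardened variant it reports none. The audit is deliberately a line-oriented pass rather than a full IOS parser, so it assumes the config is in `show running-config` layout with one-space indentation under interface blocks.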