aaa new-model - Urgent

Unanswered Question
Nov 24th, 2008
User Badges:

One of my colleague accidently entered "aaa new-model" in device and the device got locked since no username/password was configured on the device. Now the device is locked and we can't login. Its a core device. Please let me know how to resolve this issue without a reboot.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
pvanvuuren Mon, 11/24/2008 - 23:59
User Badges:
  • Bronze, 100 points or more

Telnet might be inaccessible , but have you tried the console and the aux port ?

If SNMP is configured and you have SNMP read-write access, you will be able to change it with CiscWorks RME's netconfig. Depending on the device model, you might also have access via CiscoView to change it.

Hope this helps.

aneesh.ts Tue, 11/25/2008 - 01:50
User Badges:

Console and aux also locked.

We have snmp read-write strings configured on the device and we have Infovista installed.

any idea how we change device configuration using Infovista?

Thanks in advance


aneesh.ts Wed, 11/26/2008 - 02:58
User Badges:

guys, a good news. It worked finally from TFTP server. But we had to get the help of Cisco TAC. Will share the detailed commands and details later. Thank you very much JANSEN..

You've been really helpful.

aneesh.ts Wed, 11/26/2008 - 04:36
User Badges:

To summarise what I did for everyone, I attempted to unset 'aaa new-model' from the config via SNMP.

First, I created a new file in /var/tftp/ called 'no_aaa'. The contents of this file were :


no aaa new-model

user test pass 0 test


Once this was done, we then issued the following command:

snmpset -t 60 -c RW_STRING ROUTER_NAME . s no_aaa


RW_STRING - Read/Write SNMP community string ROUTER_NAME - The hostname or IP of the router X.X.X.X - The IP address of the TFTP Server.


This Discussion