Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
422
Views
4
Helpful
8
Replies

Production CAT6500 Locked Out

tech_trac
Level 1
Level 1

‎06-14-2009 10:12 PM - edited ‎03-06-2019 06:15 AM

Hi,

With the user admin, I deleted the enable secret from the configuration and did not add a new one and exited.

Now I can log in with admin user but upon doing 'enable' I get 'Error in Authentication'.

enable secret is still visible in the startup-config as I did not save the configs.

How can I activate the enable mode (Level 15) without doing any reboot etc.

I can however, get into the enable (Level 7) mode but unfortunately, 'config t' is restricted on Level 7.

Please assist.

Thanks a lot.

Labels:
0 Helpful
8 Replies 8

mahmoodmkl
Level 7
Level 7

‎06-14-2009 10:31 PM

Hi

Do u have solarwinds u can modufy the config using SNMP string.

Thanks

Mahmood

0 Helpful

tech_trac
Level 1
Level 1
In response to mahmoodmkl

‎06-14-2009 10:35 PM

Yes. I do have SolarWinds. How can I modify the config/add the enable secret via SNMP from SolarWinds.

SNMP is configured for Read-Only string though.

Thanks

0 Helpful

mahmoodmkl
Level 7
Level 7
In response to tech_trac

‎06-14-2009 10:53 PM

Hi

U can configure using the config viewer utility but as u said u have only read only string then its not going to work.

R u not able to access the device even if connected from console..?

Thanks

Mahmood

0 Helpful

tech_trac
Level 1
Level 1
In response to mahmoodmkl

‎06-14-2009 10:58 PM

Currently, I can only ssh over IP network.

I will have to travel to the physical site for console access which is not at all a problem.

Would'nt the enable (Level 15) be restricted on console as well.

Thanks.

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame

‎06-15-2009 05:18 AM

If you are using a TACACS+ server, you can assign privileges to Level 7 from the server itself so you can get into the configuration mode and make the necessary changes. Once the changes are made, you can revert the privileges on the server.

If you aren't using a TACACS+ server, the only suggestion is to reload. You can schedule a reload from the switch.

The console won't provide any additional access on this case.

__

Edison.

0 Helpful

tech_trac
Level 1
Level 1
In response to Edison Ortiz

‎06-15-2009 06:34 AM

Hi,

We are not using TACACS+ server. I tried from the console and it didn't ask for the enable password. And hence I was able to do the required changes.

Does removing all enable secrets from the configuration and removes the need to put in the enable password from the console.

Regards.

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to tech_trac

‎06-15-2009 06:39 AM

Yes, you can have either enable secret, enable password or both in the configuration.

It seems you were able to gain access from the console without a password prompt because you have 'no login' under line con 0.

http://www.cisco.com/en/US/docs/ios/termserv/command/reference/tsv_a1.html#wp1030077

On this case, it helped you solve the problem but it's not recommended to have this command in the config as it violates a security practice to secure the console.

__

Edison.

tech_trac
Level 1
Level 1
In response to Edison Ortiz

‎06-15-2009 09:49 PM

Hi,

I checked the config and the line console 0 does not have 'no login' configuration.

What could be the other reason for enable to work without password.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card