Re: Locked out of my router after messing with aaa.

tmcmillion · ‎06-04-2003

I am new to aaa and was starting to configure it on my router. I did wri mem and left for the day. When I try to telent or console to my router today it is asking for username/password and of course authetication is failing. How can I get into this router ? this is what I added:

aaa new-model

aaa authentication login default radius local

aaa authentication login no_radius enable

aaa authentication ppp default if-needed radius

aaa authorization network radius

tepatel · ‎06-04-2003

Not sure what you have configured under the console or line vty but according to the login config, router will try to contact to radius server, if radius server is dead, it will try to look in the local database.

So if the radius server will not respond, you should be able to get in with local username and password.

If no luck, you need to do the password recovery for that router. Here is the link which will help you for password recovery to get in again.

http://www.cisco.com/warp/public/474/

Pick your router on that link.

ovanjara · ‎06-05-2003

Hi,

Try to shut down the services of your radius server, this will force the router to fall back to the local database. Now if you have a local user/password configured, you should be able to login using that username. If you did not setup any local username password, then password recovery is pretty much the only option.

Thanks,

Obaid.

williamparis · ‎06-05-2003

I ended up having to remove the aaa authentication login no_radius enable statement under aaa config and vty line conf as well to be able to log in successfully. Perhaps not the best way around it, but you'll find it works.

As well, BTW, I was able to get in to the Router by a console login rather than a full password recovery.

tmcmillion · ‎06-06-2003

I went to rommon and took out aaa config.

Thanks for your input,

Todd.