Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

locked (telnet and console) due to aaa-new model configuration

Hi Netpro

I have router locked (telnet and console) due to aaa-new model configuration , how to unlock this router , i nned to access it through the network

N:B,I have on the router local user name in the Database

Thanks

8 REPLIES
Silver

locked (telnet and console) due to aaa-new model configuration

Hello,

You can either disconnect or make the TACACS+/RADIUS server unavailable for the IOS to fallback to the local IOS accounts and access the device. For this to work you should have configured "local" as a fallback method on the AAA Command.

If not, a reboot might be needed (if you did not save the configuration after adding the AAA Commands) for you to access the device before activating AAA.

If this was helpful please rate.

Regards.

Community Member

locked (telnet and console) due to aaa-new model configuration

Thanks for your reply carlos,i saved the config so the restart is none sense

Silver

locked (telnet and console) due to aaa-new model configuration

Hello,

Do you have the configuration you used at handy for you to share it with us? Also, which Authentication server are you using (ACS, NPS, IAS, Free Radius)?

Regards.

Community Member

locked (telnet and console) due to aaa-new model configuration

the AAA Server is ACS 4.2

Silver

locked (telnet and console) due to aaa-new model configuration

Hello,

You can stop the ACS services from System  Configuration > Service Control > Click "Stop" in order to  simulate an outage on the server side.

If you configure  your IOS AAA commands with "group tacacs+" and then "local" as a  fallback method, you should be able to access the device with the local  usernames defined on the IOS configuration.

NOTE: If you are not able to access the IOS device after the above a password recovery might be needed on the IOS device.

If this was helpful please rate.

Regards.

Community Member

locked (telnet and console) due to aaa-new model configuration

Hi Carlos

I will update y

Community Member

locked (telnet and console) due to aaa-new model configuration

i have question why we need password recovery if the above doesn't work

locked (telnet and console) due to aaa-new model configuration

Hi Jamil

If you do not have 2 types of authentications ( tacacs with local fallback for example ) stoping the ACS service will not be usefull for you. If you have configured tacacs with local fallback , when stoping the ACS service you will be able to use the local user for login. If you are in the first case ( tacacs only ) your only option is password recovery.

Dan

809
Views
12
Helpful
8
Replies
CreatePlease to create content