Is there any way to get into the device when you don't have a local user defined and you have lost the TACACS server? I'm in the situation where I have lost the TACACS server and there is no local user defined on the device. I console into it and I get the username prompt, but the device is unable to talk to the TACACS server. I'm trying options other than doing a password recovery, which requires a reboot.
SolarWinds is one of them, where you can use the IP address of the device, and the SNMP RW string is what you should know.
With this you can pull the config of the device. Then you can set a local username for console or vty as per your config, or remove the TACACS config and log in to the device. This will be without any reboot.
If the console is prompting for a username to authenticate but there is no user defined, and if there is no IP connectivity so telnet is not possible, then I am not sure that there is any alternative to doing password recovery.
I am a little puzzled about the situation. You are reluctant to do password recovery because it requires a reboot, which would seem to indicate that it is a live functioning router that you do not want to disturb. But if I understand the post right there is no IP connectivity. How can there be no IP connectivity if it is a live functioning router? Or how could there be no IP connectivity and no telnet capability if there is IP connectivity? Perhaps you could explain more about your situation?
I know it is an interesting situation, let me explain what happened. It is a layer 2 switch in VTP transparent mode and it is working fine, except I accidentally removed the management VLAN from the switch when trying to remove unused VLANs. Now I'm in the situation that I can't telnet/ssh to the switch because the mgmt VLAN (VLAN 600) is not active on the switch, therefore it is unable to talk to the TACACS server. I can't access it via console because it asks for the username/password and unfortunately there is no local user defined. It is live and working because all the other VLANs are there.
I wish there was. There is only one IP address configured on this switch, which is the mgmt IP in VLAN 600, and VLAN 600 is no longer there. I don't think I have any other option but to do the password recovery.
With that explanation it makes a lot of sense. If it is a layer 2 switch that is functioning to forward at layer 2 on user VLANs but does not have a management address, and if access through the console is prompting for a username, then I believe that your only option is password recovery.
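An added example, not part of the thread: a small Python audit that flags the two conditions that combined into this lockout, a login method list with no fallback when the TACACS+ servers are unreachable, and a management SVI whose VLAN is no longer defined. The sample config, the function names and the assumption that VLAN definitions appear in the running-config (as they do in VTP transparent mode) are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread): TACACS+-only login,
# no local username, and an SVI for VLAN 600 whose VLAN has been deleted.
SAMPLE_CONFIG = """\
vtp mode transparent
aaa new-model
aaa authentication login default group tacacs+
vlan 10,20
vlan 30-32
interface Vlan600
 ip address 192.0.2.10 255.255.255.0
line con 0
line vty 0 4
"""

# Login methods that still work when no AAA server answers.
FALLBACKS = {"local", "local-case", "enable", "line"}

def defined_vlans(config):
    """VLAN IDs declared at top level (assumes VTP transparent mode); VLAN 1 always exists."""
    ids = {1}
    for m in re.finditer(r"^vlan ([\d,\-]+)\s*$", config, re.M):
        for part in m.group(1).split(","):
            lo, _, hi = part.partition("-")
            ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit_lockout_risk(config):
    """Return findings for the lockout conditions described in the thread."""
    findings = []
    has_user = re.search(r"^username \S+", config, re.M) is not None
    for m in re.finditer(r"^aaa authentication login (\S+) (.+)$", config, re.M):
        name, methods = m.group(1), m.group(2).split()
        if "group" in methods and not FALLBACKS & set(methods):
            findings.append(f"login list {name}: no fallback if servers are unreachable")
        elif {"local", "local-case"} & set(methods) and not has_user:
            findings.append(f"login list {name}: local fallback but no username defined")
    vlans = defined_vlans(config)
    for m in re.finditer(r"^interface Vlan(\d+)\n((?: .*\n?)*)", config, re.M):
        vid, body = int(m.group(1)), m.group(2)
        if re.search(r"^ ip address \d", body, re.M) and vid not in vlans:
            findings.append(f"interface Vlan{vid}: has an IP address but vlan {vid} is not defined")
    return findings

if __name__ == "__main__":
    for finding in audit_lockout_risk(SAMPLE_CONFIG):
        print(finding)
```

Running it against a saved copy of the config before and after a VLAN cleanup shows whether the change would strand the management interface.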