I recently took on a client who did not have any password information for his router and changes needed to be made. It's a Cisco 1720 on a T1 Frame Relay connection by the way using IOS ver 12.2
I subsequently went through the password recovery process reset the router changed the password and made the necessary changes that I needed to and setup general security on the router. I then took note of all the passwords and saved a config file to a tftp server. I reset the router and everything works fine but the router won't let me into enable mode.
I can use the enable secret password to access the device but it does not allow me to enter config mode from either the console, aux or telnet. I checked the information I listed in the config file and I'm using the correct passwords but they don't work.
This isn't a problem now but it will be the next time I have to go in and make changes to this router, has anyone seen this before or have an explaination?
I want to be sure that I am correctly understanding what you describe. I believe you say that you get the same behavior whether you access the console, aux, or telnet. I believe you indicate that you can log into the router into user mode. In one paragraph you say that it will not let you into enable mode but the next paragraph says that you can use the enable secret password. So am I correct that you do get into enable mode (you can do extended ping for example) but can not get into config mode?
One possibility is that the router configures aaa command authorization and that the userID is not authorized for config mode. Could you post the router config (at least the aaa part of the config)? Also could you tell us exactly what happens (and any error message) when you attempt to get into config mode?
Sorry I'll try to be more clear. Console, Telnet and Aux all operate the same. I can only access user mode. When I stated that I used the enable secret password I wasn't being clear. I set the router to require password authentication on all external interfaces and I typically use the enable password just to get into user mode. However, this same password does not allow me into config mode.
I will post a router config later currently the config is on another laptop, I appreciate the response.
I do not want to be overly picky but I need some clarification. There are three stages you go through: user mode, then exec mode (or privilege mode to be precise), and then config mode. It is now clear that you do get into user mode and not config mode. But I am still unclear whether you are getting into exec mode. If you are not getting into exec mode it indicates some issue with how authentication for exec mode is configured. If you are getting into exec mode but not config mode it sounds to me like an authorization issue rather than an authentication issue.
Posting the router config will definitely be helpful.
When assuming that you did not make a type while entering the enable password, I can see only one possible cause:
The router was originally configured with an enable SECRET. After you did the password recovery, you entered a new enable PASSWORD.
Now the rule with devices having both of these configured is that the secret prevails over the password. You should have either overwritten the enable secret or used the no ena sec after entering the new password.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.