Old 2500 series had a Link to NT Domain - Easy ACVS was removed )-;

stownsend · ‎07-16-2002

We had an old 2500 series with 8 analog ports. We had AAA set up with EasyACS connected to a WinNT PDC. It was working great! Well till someone formatted that machine and wiped out the install of EasyACS.

I cant get into my router now. It Says % Authentication failed.

from a telnet or Console connection.

I'd like to save the router config and gain access to it again. How can I do this?

I have the following from the Config if this Helps (I also know the values of the items in <>)

aaa new-model

aaa authentication login default tacacs+

aaa authentication login no_tacacs enable

aaa authentication ppp default tacacs+

aaa authorization exec tacacs+

aaa authorization network tacacs+ if-authenticated

aaa accounting exec start-stop tacacs+

aaa accounting network start-stop tacacs+

enable secret 5 <secretpass>

enable password 7 <enablePass>

!

username <user1> password 7 <pass1>

username <user2> password 7 <pass2>

tacacs-server host <host IP Address>

tacacs-server key <key>

Thanks,

Scott<-

gfullage · ‎07-22-2002

You need to have the router boot up without any of the config, that'll allow you to get into it and change the config so that you'll have a backup AAA process.

What you want the config to end uplooking like is:

aaa authentication login default tacacs+ local

aaa authorization exec tacacs+ none

This will tell the router that if the TACACS server is unavailable, to try the next AAA process in the list, in this case it will default tothe local username database.

Now, to get into the router so that you can do this, you basically follow the password recovery procedures (http://www.cisco.com/warp/public/474/pswdrec_2500.html), but at step 12, instead of changing the password, enter the commands I showed above. Follow the rest of the procedures and when the router boots up, if the tACACS server is unavailable then it'll use the local username database on the router.