Cisco IOS Privilege Limitation
Published on
9,055 Points
Problem Description:
Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s.
We were in need for public IP’s to publish our web resources at the branch office
Also Home ADSL connection ISP leases the DHCP IP address to the customers and this will IP can change on frequent basis and sometimes you will find it difficult for port forwarding
Anyway so after the upgrade we were given pre-configured Cisco Router by ISP. Unfortunately, the LAN subnet configured on the router was conflicting with our IP Addressing Schema. Therefore, it was important to change the subnet on the router.
When I access to the router through the console and issue sh running-config command but the resulting configuration was virtually blank.
Moreover, I was not privileged to enter configuration mode. Then I used the command in exec mode
Moreover, I was not privileged to enter configuration mode. Then I used the command in exec mode
Show privilege: This command displays the current privilege. Here's an example:
With this privilege only the configure commands that are permitted are actually displayed.
Solution
Follows the below steps to resolve this issue and of course we can’t’ afford to lose the configurations
1. Enter into the router in rom monitor mode.
2. rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect
rommon 2 > reset
3. The router will now reset and start its normal bootup process; however, the current configuration will be ignored. When the bootup is complete, you will be prompted to 'enter the initial configuration dialog', answer 'no':
4. Next step is to enter 'Privileged Mode' and load the router's configuration from nvram.
7. The router will now reload and use the new configuration that contains the newly username and password.
Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s.
We were in need for public IP’s to publish our web resources at the branch office
Also Home ADSL connection ISP leases the DHCP IP address to the customers and this will IP can change on frequent basis and sometimes you will find it difficult for port forwarding
Anyway so after the upgrade we were given pre-configured Cisco Router by ISP. Unfortunately, the LAN subnet configured on the router was conflicting with our IP Addressing Schema. Therefore, it was important to change the subnet on the router.
When I access to the router through the console and issue sh running-config command but the resulting configuration was virtually blank.
Moreover, I was not privileged to enter configuration mode. Then I used the command in exec mode
R1# sh run config
Current configuration : 3743 bytes
! No configuration change since last restart
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
end
Moreover, I was not privileged to enter configuration mode. Then I used the command in exec mode
Show privilege: This command displays the current privilege. Here's an example:
R1# show privilege
Current privilege level is 2
With this privilege only the configure commands that are permitted are actually displayed.
Solution
Follows the below steps to resolve this issue and of course we can’t’ afford to lose the configurations
1. Enter into the router in rom monitor mode.
2. rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect
rommon 2 > reset
3. The router will now reset and start its normal bootup process; however, the current configuration will be ignored. When the bootup is complete, you will be prompted to 'enter the initial configuration dialog', answer 'no':
4. Next step is to enter 'Privileged Mode' and load the router's configuration from nvram.
Router>
Router> enable
Router# copy startup-config running-config
Destination filename [running-config]? (hit enter)
Building configuration...
[OK]
R1# configure terminal
R1(config)# enable password cisco
R1(config)# enable secret cisco
R1(config)# line console 0
R1(config-line)# password cisco
R1(config)# username cisco privilege 15 secret cisco
R1(config)# config-register 0x2102
R1(config)# exit
R1#copy running-config startup-config
Destination filename [startup-config]? (hit enter)
Building configuration...
[OK]
R1#reload
7. The router will now reload and use the new configuration that contains the newly username and password.
Ask questions about what you read
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.