Cisco IOS Privilege Limitation

Published:
Problem Description:  

Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s.
We were in need for public IP’s to publish our web resources at the branch office
Also Home ADSL connection ISP leases the DHCP IP address to the customers and this will IP can change on frequent basis  and sometimes you will find it difficult  for port forwarding
 
Anyway so after the upgrade we were given pre-configured Cisco Router by ISP. Unfortunately, the LAN subnet configured on the router was conflicting with our IP Addressing Schema. Therefore, it was important to change the subnet on the router.

When I access to the router through the console and issue sh running-config command but the resulting configuration was virtually blank.
Moreover, I was not privileged to enter configuration mode. Then I used the command in exec mode

R1# sh run config
                      Current configuration : 3743 bytes
                      ! No configuration change since last restart
                      version 15.1
                      no service pad
                      service timestamps debug datetime msec
                      service timestamps log datetime msec
                      no service password-encryption
                      !
                      hostname R1
                      !
                      boot-start-marker
                      boot-end-marker
                      !
                      end 

Open in new window


Moreover, I was not privileged to enter configuration mode. Then I used the command in exec mode
Show privilege:  This command displays the current privilege. Here's an example:

R1# show privilege
                      Current privilege level is 2

Open in new window


With this privilege only the configure commands that are permitted are actually displayed.

Solution

Follows the below steps to resolve this issue and of course we can’t’ afford to lose the configurations

1.      Enter into the router in rom monitor mode.
2.      rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect
rommon 2 > reset
3.      The router will now reset and start its normal bootup process; however, the current configuration will be ignored. When the bootup is complete, you will be prompted to 'enter the initial configuration dialog', answer 'no':
4.      Next step is to enter 'Privileged Mode' and load the router's configuration from nvram.

Router>
                      Router> enable
                      Router# copy startup-config running-config
                      Destination filename [running-config]? (hit enter)
                      Building configuration...
                      [OK]
                      R1# configure terminal
                      R1(config)# enable password cisco
                      R1(config)# enable secret cisco
                      R1(config)# line console 0
                      R1(config-line)# password cisco
                      R1(config)# username cisco privilege 15 secret cisco
                      R1(config)# config-register 0x2102
                      R1(config)# exit 
                      R1#copy running-config startup-config
                      Destination filename [startup-config]? (hit enter) 
                      Building configuration...
                      [OK]
                      R1#reload

Open in new window


7.       The router will now reload and use the new configuration that contains the newly username and password.
0
3,541 Views

Comments (1)

Author

Commented:
Thank you very much.

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.