  • Status: Solved
  • Priority: Medium
  • Security: Public

Cisco 2600 lockout

We implemented RADIUS (IAS) and now we are unable to do anything on one of our routers.  We can log in but with limited access.  We are unable to do sh run or config t.  We get Command Authorization Failed.  The router is outside the PIX and I don't believe the router was ever communicating with the IAS because we were prompted for 2 passwords and only allowed to get to the # prompt with the enable login, not the IAS domain login.  So, needless to say, we are basically locked out.  How can we get back in to remove the aaa configurations in the router?
1 Solution
Do you have physical access to the router?

You can console in and do a password recovery procedure.
Just turn off the router, turn it back on, hit ctrl-break.
I believe for the 2600 you type
confreg 0x2102
to bypass the startup config
then type
go into enable and global mode
run copy start run
redo the lines you need, copy run start
then in global mode type (check on it, because I can't remember the exact syntax)
config-register 0x2142
then reload
you should be good again
Jelonet (Author) Commented:
Is there a way I can recover the current config/IOS image? Do I have to completely reconfigure the router after the reload, or just change/delete the aaa stuff?

After you change the register the router uses to boot, it just skips over the config loading process, so your entire config is still in NVRAM unaltered.  It's just that since it's not loaded, there is no password you need to enter to get to enable and global modes.  Just make sure that when you alter the config you are in configure terminal global mode and as soon as the show run looks right, commit it to NVRAM, change the register to boot to and reload the router.

If you want more specific steps, which I recommend getting, Google "cisco 2600 password recovery procedure".  You should be able to sub 2600 with your exact model number to find the specific one, but all 2600s should use the same procedure.  You should be able to find a cisco.com page there that will tell you step by step what to do.

Jelonet (Author) Commented:
It is a 2600 and I'll give it a shot.  If it doesn't work I'll just have to reconfigure it.  Thanks for your help.
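
Added example, not part of the original thread: a decoder for the configuration register values discussed above, showing which bit makes the router skip its startup config, plus a check that flags a router left running or set to reboot in that state (where it comes up with no passwords or AAA applied). The function names and the sample `show version` lines are constructed for illustration.

```python
import re

# Bit meanings of the Cisco IOS software configuration register.
IGNORE_STARTUP_CONFIG = 0x0040  # bit 6: skip the NVRAM startup config at boot
BREAK_DISABLED = 0x0100         # bit 8: Break key ignored once the system is up
BOOT_FIELD_MASK = 0x000F        # bits 0-3: 0 = ROM monitor, 1 = boot helper, 2-F = normal

# Matches the register line printed at the end of `show version`.
REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode_confreg(value):
    """Return the security-relevant fields of a configuration register value."""
    boot_field = value & BOOT_FIELD_MASK
    boot_mode = {0: "rommon", 1: "boot-helper"}.get(boot_field, "normal")
    return {
        "ignore_startup_config": bool(value & IGNORE_STARTUP_CONFIG),
        "break_disabled": bool(value & BREAK_DISABLED),
        "boot_mode": boot_mode,
    }

def audit_show_version(text):
    """Flag a router that runs, or will next boot, without its startup config."""
    match = REGISTER_LINE.search(text)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else current
    findings = []
    if decode_confreg(current)["ignore_startup_config"]:
        findings.append(f"booted with {current:#06x}: startup config was skipped")
    if decode_confreg(pending)["ignore_startup_config"]:
        findings.append(f"next reload uses {pending:#06x}: startup config will be skipped")
    return findings

# Constructed sample lines, not output captured from a real device.
SAMPLE_MID_RECOVERY = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
SAMPLE_NORMAL = "Configuration register is 0x2102"

if __name__ == "__main__":
    for sample in (SAMPLE_MID_RECOVERY, SAMPLE_NORMAL):
        print(sample, "->", audit_show_version(sample) or "ok")
```

Running the check against collected `show version` output after any recovery work confirms the register was set back before the router was returned to service.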
