We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


Cisco 2600 lockout

Jelonet asked
Medium Priority
Last Modified: 2013-11-16
We implemented Radius(IAS) and now we are unable to do anything on one of our routers.  We can login but with limited access.  We are unable to do sh run or config t.  We get Command Authorization Failed.  The router is outside the Pix and I don't believe the router was ever communicating with the IAS because we were prompted for 2 passwords and only allowed to get to the # prompt with the enable login not the IAS domain login.  So, needless to say we are basically locked out.  How can we get back in to remove the aaa configurations in the router?
Watch Question

Cyclops3590Sr Software Engineer

Do you have physical access to the router?

You can console in and do a password recovery procedure.
Just turn off the router, turn it back on, hit ctrl-break.
I believe for the 2600 you type
confreg 0x2102
to bypass the startup config
then type
go into enable and global mode
run copy start run
redo the lines you need, copy run start
then in global mode type (check on it, because I can't remember the exact syntax)
config-register 0x2142
then reload
you should be good again


Is ther a way I can recover the current config/IOS image? Do I have to completley reconfigure the router after the reload or just change/deleted the aaa stuff
Sr Software Engineer
the after you change the register the router uses to boot, it just skips over the config loading process. so your entire config is still in nvram unaltered.  Its just that since its not loaded, there is no password you need to enter to get to enable and global modes.  Just make sure that when you alter the config you are in configure terminal global mode and as soon as the show run looks right, commit it to nvram, change the register to boot to and reload the router.

If you want more specific steps, which I recommend getting, google cisco 2600 password recovery procedure.  You should be able to sub 2600 with your exact model number to find the specific one, but all 2600's should use the same procedure.  You should be able to find a cisco.com page there that will tell you step by step what to do.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts


It is a 2600 and I'll give it a shot.  If it don't work I'll just have to reconfigure it.  Thanks for your help.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.