Cisco 2600 lockout

Posted on 2006-03-30
Last Modified: 2013-11-16
We implemented Radius(IAS) and now we are unable to do anything on one of our routers.  We can login but with limited access.  We are unable to do sh run or config t.  We get Command Authorization Failed.  The router is outside the Pix and I don't believe the router was ever communicating with the IAS because we were prompted for 2 passwords and only allowed to get to the # prompt with the enable login not the IAS domain login.  So, needless to say we are basically locked out.  How can we get back in to remove the aaa configurations in the router?
Question by:Jelonet
    LVL 25

    Expert Comment

    Do you have physical access to the router?

    You can console in and do a password recovery procedure.
    Just turn off the router, turn it back on, hit ctrl-break.
    I believe for the 2600 you type
    confreg 0x2102
    to bypass the startup config
    then type
    go into enable and global mode
    run copy start run
    redo the lines you need, copy run start
    then in global mode type (check on it, because I can't remember the exact syntax)
    config-register 0x2142
    then reload
    you should be good again

    Author Comment

    Is ther a way I can recover the current config/IOS image? Do I have to completley reconfigure the router after the reload or just change/deleted the aaa stuff
    LVL 25

    Accepted Solution

    the after you change the register the router uses to boot, it just skips over the config loading process. so your entire config is still in nvram unaltered.  Its just that since its not loaded, there is no password you need to enter to get to enable and global modes.  Just make sure that when you alter the config you are in configure terminal global mode and as soon as the show run looks right, commit it to nvram, change the register to boot to and reload the router.

    If you want more specific steps, which I recommend getting, google cisco 2600 password recovery procedure.  You should be able to sub 2600 with your exact model number to find the specific one, but all 2600's should use the same procedure.  You should be able to find a page there that will tell you step by step what to do.

    Author Comment

    It is a 2600 and I'll give it a shot.  If it don't work I'll just have to reconfigure it.  Thanks for your help.

    Featured Post

    Live: Real-Time Solutions, Start Here

    Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

    Join & Write a Comment

    This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
    This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now