Cisco 3750 SFP - Radius Issue

Hello,

I have a Cisco 3750 - 12 SFP. It uses Radius authentication. The problem is that I have a network issue and I dont have access to that Radius server, so I am unable to log in to the switch.

I have tried username offline and blank password but doesnt allow me to log in.

How can I get access to this switch without resetting its config now ?

Thanks.
maxihostAsked:
Who is Participating?
 
FrabbleConnect With a Mentor Commented:
You will need to use whatever alternative you configured. Usually local is at the end of the authenication login method list so that a configured local user/password can be used if connectivity to authentication servers fails.

Alternatively, you can try and connect to the switch device manager by http using your browser, as long as the http server has not been disabled on the switch. Use the secret password or enable password if it has been set.
0
 
InteraXCommented:
In the worst case scenario, you could look at using password recovery. If this has been disabled, your only other option is to wipe the config and reconfigure from scratch.
0
 
rochey2009Commented:
Hi,

Do you have a local username and password defined on the switch and did you configure local in addition to radius?

e.g.
username local password password
aaa authentication default group radius local
0
 
Istvan KalmarHead of IT Security Division Commented:
Hi,

Ig you not have local username and local authentication you not able to login till you npt recovered the device...

I advise to PUT another SFP for radius uplink and login, all SFP slot hotplug!

0
 
KuleazeCommented:
The above answers are very accurate. Setting a usename and password locally is a great option and should be a definite practice when authenticating to a RADIUS server. LIke the others state, when you loose access to RADIUS, you loose the ability to login through telnet/ssh.

Is it possible you could direct someone locally to connect through the console cable and see if they're able to access, hopefully you have that wide open - I mean it's a shot in the dark, but maybe you'll get lucky. Then you could instruct them how to put a temporary username and password, this would allow you to get to it remotely till the issue is resolved. The only other possibility is through Web, if http server is active.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.