cancel
Showing results for 
Search instead for 
Did you mean: 

Enable Password Fiasco

joel_doetsch
New Contributor

Hi All,


I'm working with a client who recently let go of their network engineer and hired our company to help with managing their network.  It appears that the enable password they were given by the engineer as he left is not the actual enable password, which leaves us in a bit of a situation.  

Typically, I would just say let's go and reboot the switches and do a password reset, but there are a lot of switches and they're spread out across the country, meaning it's going to be a slog.

They've got a AAA setup in the configuration.  I was curious as to whether a user could be somehow elevated on the RADIUS side so that when they logged in, they were already in enable mode.  

Just wanted to get thoughts on the subject and see if I'm just delaying the inevitable or if it's feasible.

Cheers

-J

5 REPLIES 5

vu_pham_ghtztqm
New Contributor III

Hi - Please share the aaa config from the ICX.

show run | inc aaa

Let us see if there is a way.

Thanks

Vu

If you have these two statements in the config, then we should be able to login the enable mode with a radius account:

SSH@ICX7150-C12-SW1(config)#show run | inc aaa
aaa authentication enable default radius local
aaa authentication login default radius local

Thanks,

Vu

Hmm...it looks like that isn't the case (at least on the random sample that I've taken)

aaa authentication login default local radius

is the only configuration for AAA

jijo_panangat
RUCKUS Team Member

Hi Joel,

The authentication order set is local followed by radius, You can find more info on authentication order in the below link.

https://docs.commscope.com/bundle/fastiron-08090-commandref/page/GUID-E345B830-6EFF-4A96-9832-1B1351...

https://docs.commscope.com/bundle/fastiron-08090-commandref/page/GUID-12709AE8-FF8D-458C-9A7E-9F885A...

 If the problem persist, Pls open a support case so that our team can review the config and make the necessary changes.

Thanks

Jijo