
2501 Console port damaged?


lardum

IS-IT--Management
Apr 26, 2000
462
SE
Hi,

I can't access the router via the console port... And the password is somehow corrupt after last change.
Anyone know if an access-class entry pointing to a non-existing access-class could be causing this problem?
Any recommendations on what to do?

Regards

Lars
 
Thus far in my short career, I've never seen a situation where the console port is damaged (physically or electronically) to the point where you could not access it. However, it sounds like you have a major configuration problem. I don't know for sure if an access-class or lack thereof is causing this particular issue.

My suggestion is to power down the router, open it up and while properly using anti-static protective measures (ground straps, etc.) remove the flash. This will boot the router without any previous configuration, hopefully eliminating any configuration parameter preventing console port access. Power it back up, perform a password recovery, and you'll find yourself in the default (factory) configuration mode. From here configure the router for basic start-up configuration.

While properly using anti-static protective measures (ground straps, etc.) put the flash back in and repeat the basic start-up configuration. At this point you can now configure the router for your specific requirements. Do not use (cut & paste) the previous configuration !!!

Remember, it's the previous configuration that locked you out of your console port. It's best to start from scratch and reconfigure the router. You can, however, use a copy of the previous configuration if you use notepad to remove any access lists which prevented you from using the console port.

Hope this helps.
 
These are the only configurations:

line con 0
 access-class 1 in
 access-class 2 out
 exec-timeout 0 0
 password 7 XXX
 login
line aux 0
 access-class 1 in
 access-class 2 out
 password XXX
 login
 transport input all
line vty 0 4
 access-class 1 in
 access-class 2 out
 password 7 XXX
 login

Can any of these commands cause the routers console port to malfunction? There are no access- commands earlier in the config...

Regards

Lars
 
Yes indeed. Access-class 1 & 2 being applied to line vty 0 4 is probably the reason you're locked out of telnet, and to line con 0 is the reason you are locked out of your console port.

From what I can tell, you are applying two access lists to your console, aux, and telnet ports. Without seeing the access list, I can't determine what it is that you are trying to do. The first rule of any access list is to always make sure you can get in before you enter the command. Remember, an access list will permit only what you tell it to, and deny access to everything else (including you).

I can understand why you would want an access list on the aux and vty ports, but why on earth would you lock your console port? If your router is physically secure then you don't need this. Even if it wasn't secure, a user has to enter a password to be able to configure the router. Again, I don't know what your environment or security parameters are like so I can't truly comment on that.

My suggestion is to remove the access class and password from line con 0, save the new config, and you should be set.
 
Hi,

There are no access-lists defined earlier in the configuration, and the funny thing is that I DO have telnet access from any client in my network.
I wasn't the one who configured this router, and when I started to look through the config I started with changing the password. After that I couldn't get in either with the old or the new password...
So, as you can imagine, I'm totally locked out from the router...
 
We use a standard configuration ...

line con 0
exec-timeout 30 0
password ???
login
transport input none

line aux 0
exec-timeout 30 0
password ???
login
modem inout
modem autoconfigure discovery
transport input all
speed 115200
flowcontrol hardware

line vty 0 4
exec-timeout 30 0
password ???
login

I have never had a problem with this configuration !!!
I hope this is helpful !!!
 
After reading your post I am somewhat confused. You say that you have telnet access, but you then go on to say that you're totally locked out. If you're totally locked out then you're totally screwed. See my first response to solve this issue. However, if you do have telnet access and the privileged mode passwords, this is a major breakthrough.

Access-class(s) are the application of an access-list to a specific type of interface. If you don't need the access list on the console terminal (TAKE IT OFF !!) Telnet into your router, do a show config command and see what your current config is. Once in the privileged mode, you can now reconfigure the router to your specific needs. Write the new config to memory and you now have console port access.
Using notepad make a copy of the config and save it to a file server.

This should do the trick. Hope this helps.
 
I've managed to get the console port functioning now. The problem was, as someone mentioned, to use 2 as stop bits instead of 1...

Anyone have any ideas of how to solve this as smoothly as possible now?

 
yes ...

line con 0
access-class 1 in
access-class 2 out
exec-timeout 0 0
password 7 XXX
login

You are asking it to verify an IP address on a console port. What is in access-list 1?


 
There aren't any access lists at all defined... And the router seems to not be letting me in, although I know it's the correct password.
 
Nuke the ACLs on the console port and see if it doesn't just magically get fixed (you said you still have telnet access, right?). If you don't have the ACL defined, I'm guessing it's doing an implicit deny any. I can't see why you'd even want an ACL on a console port. I can understand on an AUX port where you want to control someone using it as a reverse telnet device, but not for console.
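
The condition this thread keeps returning to (line blocks that reference access-class numbers with no matching access-list in the config, including on the console line) can be checked offline against a saved configuration. The script below is an added example, not part of any poster's reply; `audit_lines` is a hypothetical helper name and the sample is constructed from the line configuration quoted above. It also flags `exec-timeout 0 0`, which disables the idle timeout on the line.

```python
import re

# Constructed sample: the line config quoted in the thread, no access-lists defined.
SAMPLE_CONFIG = """\
line con 0
 access-class 1 in
 access-class 2 out
 exec-timeout 0 0
 password 7 XXX
 login
line aux 0
 access-class 1 in
 access-class 2 out
 password XXX
 login
 transport input all
line vty 0 4
 access-class 1 in
 access-class 2 out
 password 7 XXX
 login
"""

def audit_lines(config):
    """Return sorted (line_name, finding) tuples for an IOS-style config."""
    # Numbered ("access-list 1 ...") and named ("ip access-list standard X") ACLs.
    defined = set(re.findall(r"^access-list\s+(\S+)", config, re.M))
    defined |= set(re.findall(r"^ip access-list\s+\S+\s+(\S+)", config, re.M))
    findings, current = set(), None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()          # entering a new line block
        elif not raw.startswith(" "):
            current = None                 # any unindented line ends the block
        elif current:
            cmd = raw.split()
            if cmd[:1] == ["access-class"] and len(cmd) >= 3:
                if cmd[1] not in defined:
                    findings.add((current, f"access-class {cmd[1]} {cmd[2]}: ACL not defined"))
                if current.startswith("line con"):
                    findings.add((current, "access-class applied to console line"))
            elif cmd == ["exec-timeout", "0", "0"]:
                findings.add((current, "exec-timeout 0 0: idle sessions never expire"))
    return sorted(findings)

if __name__ == "__main__":
    for line_name, finding in audit_lines(SAMPLE_CONFIG):
        print(f"{line_name}: {finding}")
```
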
 