I've made a schoolboy error! :D

gorebrushgorebrush Posts: 2,741Member
I have a router which I sent out to a remote site in January.

It's worked since, no problems. (It was a direct replacement because we had to get new VPN site-to-site connections up and running)

However, I have since discovered that in all my infinite wisdom, I have failed to set an enable password.

Am I right in thinking that the only way I can do this is by connecting a console cable?

I'm pretty sure this is the only option I've got, but it's been a few months since I have done anything Cisco, and my memory fails me.

Thanks all.

Comments

  • laidbackfreaklaidbackfreak Posts: 991Member
    Doh !!! still we've all done it at some point

    and yep console cable it is icon_smile.gif Take it you've not tried to enable it since either ? Else you'd figure it out

    so how far you gotta go to do it?
    if I say something that can be taken one of two ways and one of them offends, I usually mean the other one :-)
  • tech-airmantech-airman Posts: 953Member
    gorebrush wrote: »
    I have a router which I sent out to a remote site in January.

    It's worked since, no problems. (It was a direct replacement because we had to get new VPN site-to-site connections up and running)

    However, I have since discovered that in all my infinite wisdom, I have failed to set an enable password.

    Am I right in thinking that the only way I can do this is by connecting a console cable?

    I'm pretty sure this is the only option I've got, but it's been a few months since I have done anything Cisco, and my memory fails me.

    Thanks all.

    gorebrush,

    As part of that infinite wisdom, did you configure an IP address on the interface of the remote router that you can ping from your local host?
  • gorebrushgorebrush Posts: 2,741Member
    I can telnet into said device.

    However, whenever I try and issue "enable" I just get: -

    % no password set

    Normally if there is no password set, I get the trusty

    router#_

    So, I think i've learned the hard way ;)

    The router requires a login and password, so I think it is secure. However, now I'm concerned I havent set a console password or anything. I literally lifted the previous config off the old router and built a new one - It seems I didn't spend enough time checking the security side of things..

    Schoolboy.
  • tech-airmantech-airman Posts: 953Member
    gorebrush wrote: »
    I can telnet into said device.

    However, whenever I try and issue "enable" I just get: -

    % no password set

    Normally if there is no password set, I get the trusty

    router#_

    So, I think i've learned the hard way ;)

    The router requires a login and password, so I think it is secure. However, now I'm concerned I havent set a console password or anything. I literally lifted the previous config off the old router and built a new one - It seems I didn't spend enough time checking the security side of things..

    Schoolboy.

    gorebrush,

    For the heck of it, can you open a web browser and go to URL [url]http://[ip[/url] address of router interface] ?
  • aordalaordal Posts: 372Member
    Does that remote site have any servers near the router? In the past I've shipped a console cable to a user I trust and asked them to hook the console cable from the router to the server. Then RDP into the server and putty in.

    If no server maybe a desktop with serial port or something similar.. you get the idea.
  • jbrad95706jbrad95706 Posts: 225Member
    aordal wrote: »
    Does that remote site have any servers near the router? In the past I've shipped a console cable to a user I trust and asked them to hook the console cable from the router to the server. Then RDP into the server and putty in.

    If no server maybe a desktop with serial port or something similar.. you get the idea.

    This is good thinking ^

    icon_thumright.gif
  • gorebrushgorebrush Posts: 2,741Member
    gorebrush,

    For the heck of it, can you open a web browser and go to URL [url]http://[ip[/url] address of router interface] ?

    Well.

    It appears to be loading a Cisco Router Web Setup...

    I'll see what I can yield from this, but looks promising

    Not seen this before, I predominantly work in the IOS only!
  • gorebrushgorebrush Posts: 2,741Member
    aordal wrote: »
    Does that remote site have any servers near the router? In the past I've shipped a console cable to a user I trust and asked them to hook the console cable from the router to the server. Then RDP into the server and putty in.

    If no server maybe a desktop with serial port or something similar.. you get the idea.

    Excellent idea.

    Not sure if the Router is close enough to a PC, though I am fairly confident that a nearby PC has a serial port.

    I have loads of spare console cables to.

    I like it.
  • gorebrushgorebrush Posts: 2,741Member
    Well, I tried connecting to it over HTTP

    I just get a loading screen and nothing...

    Oh well.
  • apd123apd123 Posts: 171Member
    If you haven't done something like this you either work off of only templates or you haven't configured enough equipment yet.
  • kryollakryolla Posts: 785Member
    apd123 wrote: »
    If you haven't done something like this you either work off of only templates or you haven't configured enough equipment yet.

    and most templates use AAA
    Studying for CCIE and drinking Home Brew
  • gorebrushgorebrush Posts: 2,741Member
    apd123 wrote: »
    If you haven't done something like this you either work off of only templates or you haven't configured enough equipment yet.

    Yes, it is true. A lot of my experience unfortunately is lab.

    How will I learn without experience and making the mistakes?

    ;(
  • tierstentiersten Posts: 4,505Member
    gorebrush wrote: »
    Well, I tried connecting to it over HTTP

    I just get a loading screen and nothing...

    Oh well.
    This the SDM doesn't work well with certain newer versions of Java problem? What does the Java console say when you try to load the SGZ app file?
  • Forsaken_GAForsaken_GA Posts: 4,024Member
    aordal wrote: »
    Does that remote site have any servers near the router? In the past I've shipped a console cable to a user I trust and asked them to hook the console cable from the router to the server. Then RDP into the server and putty in.

    If no server maybe a desktop with serial port or something similar.. you get the idea.

    I had to do this this week when we moved some servers to our new data center. Someone forgot to configure the vlans on shared backend switch, so I had to have one of the onsite guys dig up a console cable and hooke it up to a server so I could configure the switch hehe
  • gorebrushgorebrush Posts: 2,741Member
    tiersten wrote: »
    This the SDM doesn't work well with certain newer versions of Java problem? What does the Java console say when you try to load the SGZ app file?

    Ah, could be.

    I had the wonderful idea of "upgrading" Java on one server to try and get in.

    I haven't looked in the Java Console, didn't know you could actually.
  • laidbackfreaklaidbackfreak Posts: 991Member
    gorebrush wrote: »
    How will I learn without experience and making the mistakes?
    (

    making mistakes is ok, as long as you learn from them icon_smile.gif

    colleague of mine (CCNP) did the same thing with a switch on one of our sites, it just happened to be the furthest one away from us!!
    if I say something that can be taken one of two ways and one of them offends, I usually mean the other one :-)
  • jovan88jovan88 Posts: 393Member
    I had to set up one of our routers with an out of band modem connected to the console port. That would have come in handy for a situation like this!
  • gorebrushgorebrush Posts: 2,741Member
    Well, I have loaded Java 1.50.5 onto one of our servers (Thank you oldapps.com) and now I can get into the Web interface of the router.

    Hey, i've learned a few lessons here ;)
  • gorebrushgorebrush Posts: 2,741Member
    Thanks to all for your help.

    Using the web interface, I have set an enable password and I've cleared my problem.

    :D
  • APAAPA Posts: 959Member
    ba....and here cisco is saying leaving 'ip http server' enabled is useless\risky....

    ;)

    hehe

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
  • gorebrushgorebrush Posts: 2,741Member
    Hmm, I can turn that off now too...
Sign In or Register to comment.