I've made a schoolboy error! :D

gorebrush · July 2009

I have a router which I sent out to a remote site in January.

It's worked since, no problems. (It was a direct replacement because we had to get new VPN site-to-site connections up and running)

However, I have since discovered that in all my infinite wisdom, I have failed to set an enable password.

Am I right in thinking that the only way I can do this is by connecting a console cable?

I'm pretty sure this is the only option I've got, but it's been a few months since I have done anything Cisco, and my memory fails me.

Thanks all.

laidbackfreak · July 2009

Doh !!! still we've all done it at some point

and yep console cable it is

Take it you've not tried to enable it since either ? Else you'd figure it out

so how far you gotta go to do it?

tech-airman · July 2009

gorebrush wrote: »

I have a router which I sent out to a remote site in January.

It's worked since, no problems. (It was a direct replacement because we had to get new VPN site-to-site connections up and running)

However, I have since discovered that in all my infinite wisdom, I have failed to set an enable password.

Am I right in thinking that the only way I can do this is by connecting a console cable?

I'm pretty sure this is the only option I've got, but it's been a few months since I have done anything Cisco, and my memory fails me.

Thanks all.

gorebrush,

As part of that infinite wisdom, did you configure an IP address on the interface of the remote router that you can ping from your local host?

gorebrush · July 2009

I can telnet into said device.

However, whenever I try and issue "enable" I just get: -

% no password set

Normally if there is no password set, I get the trusty

router#_

So, I think i've learned the hard way

The router requires a login and password, so I think it is secure. However, now I'm concerned I havent set a console password or anything. I literally lifted the previous config off the old router and built a new one - It seems I didn't spend enough time checking the security side of things..

Schoolboy.

tech-airman · July 2009

gorebrush wrote: »

I can telnet into said device.

However, whenever I try and issue "enable" I just get: -

% no password set

Normally if there is no password set, I get the trusty

router#_

So, I think i've learned the hard way

The router requires a login and password, so I think it is secure. However, now I'm concerned I havent set a console password or anything. I literally lifted the previous config off the old router and built a new one - It seems I didn't spend enough time checking the security side of things..

Schoolboy.

gorebrush,

For the heck of it, can you open a web browser and go to URL http://[ip address of router interface] ?

aordal · July 2009

Does that remote site have any servers near the router? In the past I've shipped a console cable to a user I trust and asked them to hook the console cable from the router to the server. Then RDP into the server and putty in.

If no server maybe a desktop with serial port or something similar.. you get the idea.

jbrad95706 · July 2009

aordal wrote: »

Does that remote site have any servers near the router? In the past I've shipped a console cable to a user I trust and asked them to hook the console cable from the router to the server. Then RDP into the server and putty in.

If no server maybe a desktop with serial port or something similar.. you get the idea.

This is good thinking ^

gorebrush · July 2009

tech-airman wrote: »

gorebrush,

For the heck of it, can you open a web browser and go to URL http://[ip address of router interface] ?

Well.

It appears to be loading a Cisco Router Web Setup...

I'll see what I can yield from this, but looks promising

Not seen this before, I predominantly work in the IOS only!

gorebrush · July 2009

aordal wrote: »

Does that remote site have any servers near the router? In the past I've shipped a console cable to a user I trust and asked them to hook the console cable from the router to the server. Then RDP into the server and putty in.

If no server maybe a desktop with serial port or something similar.. you get the idea.

Excellent idea.

Not sure if the Router is close enough to a PC, though I am fairly confident that a nearby PC has a serial port.

I have loads of spare console cables to.

I like it.

gorebrush · July 2009

Well, I tried connecting to it over HTTP

I just get a loading screen and nothing...

Oh well.

apd123 · July 2009

If you haven't done something like this you either work off of only templates or you haven't configured enough equipment yet.

kryolla · July 2009

apd123 wrote: »

If you haven't done something like this you either work off of only templates or you haven't configured enough equipment yet.

and most templates use AAA

gorebrush · July 2009

apd123 wrote: »

If you haven't done something like this you either work off of only templates or you haven't configured enough equipment yet.

Yes, it is true. A lot of my experience unfortunately is lab.

How will I learn without experience and making the mistakes?

;(

tiersten · July 2009

gorebrush wrote: »

Well, I tried connecting to it over HTTP

I just get a loading screen and nothing...

Oh well.

This the SDM doesn't work well with certain newer versions of Java problem? What does the Java console say when you try to load the SGZ app file?

Forsaken_GA · July 2009

aordal wrote: »

Does that remote site have any servers near the router? In the past I've shipped a console cable to a user I trust and asked them to hook the console cable from the router to the server. Then RDP into the server and putty in.

If no server maybe a desktop with serial port or something similar.. you get the idea.

I had to do this this week when we moved some servers to our new data center. Someone forgot to configure the vlans on shared backend switch, so I had to have one of the onsite guys dig up a console cable and hooke it up to a server so I could configure the switch hehe

gorebrush · July 2009

tiersten wrote: »

This the SDM doesn't work well with certain newer versions of Java problem? What does the Java console say when you try to load the SGZ app file?

Ah, could be.

I had the wonderful idea of "upgrading" Java on one server to try and get in.

I haven't looked in the Java Console, didn't know you could actually.

laidbackfreak · July 2009

gorebrush wrote: »

How will I learn without experience and making the mistakes?
(

making mistakes is ok, as long as you learn from them

colleague of mine (CCNP) did the same thing with a switch on one of our sites, it just happened to be the furthest one away from us!!

jovan88 · July 2009

I had to set up one of our routers with an out of band modem connected to the console port. That would have come in handy for a situation like this!

gorebrush · July 2009

Well, I have loaded Java 1.50.5 onto one of our servers (Thank you oldapps.com) and now I can get into the Web interface of the router.

Hey, i've learned a few lessons here

gorebrush · July 2009

Thanks to all for your help.

Using the web interface, I have set an enable password and I've cleared my problem.

APA · July 2009

ba....and here cisco is saying leaving 'ip http server' enabled is useless\risky....

hehe

gorebrush · July 2009

Hmm, I can turn that off now too...

I've made a schoolboy error! :D

Comments