Cisco IOS - Stuck in Read Only Mode

Question

I can't figure out what happened but I can not enable privileged mode in my Cisco 3750.

At first, I tried:

   enable

to enter EXEC mode. My password would not work and it kicked me out after 3 retries.

Did some troubleshooting and happened to try:

    enable 5

and the password worked. The Switch shows the "#" to signify EXEC mode.

The problem is that from this command prompt I can't run the normal commands such as "configure terminal". Only basic commands like "show vlan" are valid.

Any thoughts?

score 0 · Answer 1 · edited Jun 22 '14 at 12:37

0

Does your switch use internal authentication? Or do you have an authentication server?

Something changed and your enable password no longer has the necessary access level. Either you changed something inadvertently, or someone else changed it. They don't just change on their own.

If there is an authentication server, make sure your account is still active.

If your authentication is done internally and all credentials are lost, you can try to reset the password. See the guide below. You will have to power cycle your switch once, though.

Password recovery precedure: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-2950-series-switches/12040-pswdrec-2900xl.html

edited Jun 22 '14 at 12:37

Oleg Tikhonov

5
1

answered May 28 '14 at 12:47

myron-semack

2,573
18
16

No AAA authentication. I do have a backup on a tftp server. I wanted to see if there was another way to access the config terminal without having to take down the switch. Do you think password recovery will work? – Kev May 28 '14 at 16:09
It depends on whether or not you have Password Recovery enabled in your config. Worst case you have to completely blow away the config and start over. http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_44_se/configuration/guide/scg/swtrbl.html#wp1021182 – myron-semack May 28 '14 at 17:49

score 0 · Accepted Answer · answered Jun 22 '14 at 13:49

The command enable n will give you the privilege level specified by n, which is a level from 0 to 15. To manage the box, you usually want 15.

You can always recover the password by rebooting with a serial console attached and sending a break signal during the boot process. This is well documented at the Cisco site.

In order to manage your switch with a user, you usually want aaa new-model along with all the aaa authentication... and aaa authorization... configs, plus your username needs to be level 15, i.e., username kev privilege 15 secret yourpassword

Not sure what the exact problem was but this answer has the best guidance towards what you should configure. — Kev, Oct 20 '17 at 07:04

Cisco IOS - Stuck in Read Only Mode

2 Answers2