Password Recovery for AAA in AOS

Version 1

    Due to the security of the authentication, authorization, and accounting (AAA) feature, you are not able to perform the standard password recovery procedure on an ADTRAN Operating System (AOS) unit, until AAA is disabled.   This guide will aid in recovering a password on an AOS device that has AAA configured, by providing the necessary steps to disable AAA, to prepare the unit for the standard password recovery in AOS.


    Deployment Concerns and Considerations

    Steps to Disable AAA and Recover the Password using the Console Port

     

     

    Deployment Concerns and Considerations

     

    • The AOS device will need to be taken offline and rebooted multiple times; therefore, a maintenance window is recommend to perform these tasks.
    • To recover a password, the changes will have to be made through the Console port using the command line interface (CLI) of the AOS unit (this procedure cannot be performed remotely over Telnet, SSH, or the web interface). Here is a guide about how to access the CLI:  Accessing the Command Line Interface in AOS


    Steps to Disable AAA and Recover the Password using the Console Port


    • Reboot the unit by removing power.
      • As the unit boots, you will be given the opportunity to break into bootstrap mode by pressing the ESC key within 5 seconds.

    Executing bootstrap...

    ram: 268435456 bytes of RAM detected.

    Serial Number: LBADTNXXXXXXXXX

    Bootstrap version: 11.03.00, checksum: 0F3C, Thu Feb 09 17:40:34 2009

    vfs: NONVOL: 120 tracks, 128 sectors/track, 1024 bytes/sector.

    eth0/1: initializing...

    eth0/1: MAC address is 00:A0:C8:XX:XX:XX

    bootstrap: Checking boot configuration...

    bootstrap: Primary image is 'NONVOL:/NV5305A-18-01-05-E.biz'.

    bootstrap: User escaped to command line interface.

    cli: starting command line interface...

    cli: starting user interface

     

     

    Press '?' for help.


    • While in the bootstrap mode, issue the following commands:

    bootstrap#bypass startup-config

    bootstrap#boot


    • The unit will boot up without a running-config.  At this point, you will need to get into Priveleged Exec mode and then view the startup-configuration file with the following commands (Note: this command varies depending if the unit has CFlash.  Both commands are listed below.):

    >enable

    #show file startup-config

    or

    #show file flash startup-config


    • Copy the entire contents of this output to a text editor (such as Notepad)
    • Remove the line that enables AAA (aaa on) from the text file
    • Enter Global configuration mode by issuing the configure terminal command

    #configure terminal


    • Paste the entire contents of the file you previously edited
    • After the file has been pasted, exit Global configuration, by issuing the exit command

    (config)#exit


    • Save the configuration (which now has AAA disabled) with the write command

    #write