Question

VDX6730 password lost after upgrade

  • 20 November 2018
  • 12 replies
  • 599 views

Hello

I had upgraded two VDX6730 to version 4.1.3d. They were before at 3.0.1aa. During the upgrade I received some logs related to user admin and super changed parameters.
After the Upgrade was completed, I'm not able to connect to the management port. I get an authentication error.
I ran a debug at the radius server and I saw the authentication request wasn't arriving to the server.
I tested with the default credentials:
admin/password and super/password but it didn't worked either.

Is it there any other user/password I can try?

The switches are installed in another place, so I will like to know if there's another way (other than console connection and reset password procedure) to have access to the switch.

Thanks in advance.

12 replies

the suggested procedure work in most case, you need after login to review the AAA settings.
I remember there was some change in NOS Generation from 3.x to 4.x in some command settings.
yes because the switches in the production network are at 4.1.3, so I will not have this problem. I already upgrade the VCS cluster (6710, 6730 and 6740) at the lab network and everything went fine. They were at 4.1.3 also. The VDX with the auth problem are from backup network, almost every server in that network are standby, and as I said everything work fine.

The cluster VCS at production network is VDX6740T, and my request for upgrade version path to Extreme Network support team, was related to this specifics servers.

Answering your question, yes I have AAA configured. For the test you're recommending, I have to wait to have someone there.

Thanks in advance.
Userlevel 2
@Laura,

from output above, just a stupid question..... did you have AAA authentication configured ?

if yes, try follow. disconnet the LAN cable from management port, wait for 20 minutes, connect a serial cable and try again.

as fair as I remember there was not suggested from Brocade to upgrade from any 3.0.x in one step to 4.1.x or higher.


You are right
@Laura,

from output above, just a stupid question..... did you have AAA authentication configured ?

if yes, try follow. disconnet the LAN cable from management port, wait for 20 minutes, connect a serial cable and try again.

as fair as I remember there was not suggested from Brocade to upgrade from any 3.0.x in one step to 4.1.x or higher.
Thanks for your help..
Userlevel 2
The behavior should be the same on either console or SSH/Telnet. It sounds like we may need to recover the passwords, so it would be best to have someone on site to console to the switch. I see your case now and will pass this to a manager to have a TSE call you.
That's what i did yesterday. But I have not replay from Extreme support. Is it possible that default user/password only work in console?

For example, if i get someone to go to the site and connect a laptop to the console port, maybe the default password will work...I don't know, I think I'll just will try to get someone there.....
Userlevel 2
Laura,

If the issue is not special characters, and the default accounts are not logging in, I would recommend you open a case with Extreme Support to go through the issue in detail.
Hello,

I had used all the default password (included root/fibranne) and it doesn work..

Those are the logs from the upgrade (only one of the switch, the message are the same for the other one):

Severity Acknowledged Last Event Server Time Description Source Name Source Address Category Count Message ID Fabric Name Port Name
Info No lun. nov. 19 2018 15:00:50 EST Event: passwd, Status: success, Info: User account [user], password changed. [User: admin] switch002 10.1.2.7 Security Event 1 SEC-3024 switch001
Info No lun. nov. 19 2018 15:00:50 EST Event: userconfig, Status: success, Info: User account [user] [Enabled;Password UnExpired;]. [User: admin] switch002 10.1.2.7 Security Event 1 SEC-3027 switch001
Info No lun. nov. 19 2018 15:00:50 EST Changed account user. switch002 10.1.2.7 Security Event 1 SEC-1197 switch001
Info No lun. nov. 19 2018 15:00:50 EST Changed account user. switch002 10.1.2.7 Security Event 1 SEC-1197 switch001
Info No lun. nov. 19 2018 15:00:49 EST Role 'admin' is changed. switch002 10.1.2.7 Security Event 1 SEC-3501 switch001
Info No lun. nov. 19 2018 15:00:49 EST Role 'admin' is changed. switch002 10.1.2.7 Security Event 1 SEC-3501 switch001
Info No lun. nov. 19 2018 15:00:49 EST Role 'admin' is changed. [User: admin] switch002 10.1.2.7 Security Event 1 SEC-3501 switch001
Info No lun. nov. 19 2018 15:00:49 EST Added account super with admin authorization. switch002 10.136.239.107 Security Event 1 SEC-1180 switch001
Info No lun. nov. 19 2018 15:00:49 EST Event: userconfig, Status: success, Info: User account [super] added. Role: [admin], Password [Unexpired], Home Context [0], AD/VF list [ 0]. [User: admin] switch002 10.1.2.7 Security Event 1 SEC-3025 switch001
Info No lun. nov. 19 2018 15:00:49 EST Added account super with admin authorization. switch002 10.1.2.7 Security Event 1 SEC-1180 switch001
Info No lun. nov. 19 2018 15:00:46 EST Event: userconfig, Status: success, Info: User account [admin] [Enabled;Password UnExpired;]. [User: admin] switch002 10.1.2.7 Security Event 1 SEC-3027 switch001
Info No lun. nov. 19 2018 15:00:46 EST Changed account admin. switch002 10.1.2.7 Security Event 1 SEC-1197 switch001
Info No lun. nov. 19 2018 15:00:46 EST Event: passwd, Status: success, Info: User account [admin], password changed. [User: admin] switch002 10.1.2.7 Security Event 1 SEC-3024 switch001
Info No lun. nov. 19 2018 15:00:46 EST Changed account admin. switch002 10.1.2.7 Security Event 1 SEC-1197 switch001
Info No lun. nov. 19 2018 15:00:45 EST RADIUS configuration change, action CHANGE, server ID 172.25.7.2. switch002 10.1.2.7 Security Event 1 SEC-1184 switch001
Info No lun. nov. 19 2018 15:00:45 EST RADIUS configuration change, action CHANGE, server ID 172.25.7.2. switch002 10.1.2.7 Security Event 1 SEC-1184 switch001
Info No lun. nov. 19 2018 15:00:45 EST Event: aaaConfig, Status: success, Info: Attribute [secret] of RADIUS server 172.25.7.2 changed (null). switch002 10.1.2.7 Security Event 1 SEC-3016 switch001
Info No lun. nov. 19 2018 15:00:44 EST RADIUS configuration change, action ADD, server ID 172.25.7.2. switch002 10.136.239.107 Security Event 1 SEC-1184 switch001
Info No lun. nov. 19 2018 15:00:44 EST RADIUS configuration change, action ADD, server ID 172.25.7.2. switch002 10.136.239.107 Security Event 1 SEC-1184 switch001
Info No lun. nov. 19 2018 15:00:44 EST Event: aaaConfig, Status: success, Info: Added RADIUS server 172.25.7.2 for AAA services. switch002 10.1.2.7 Security Event 1 SEC-3014 switch001
Info No lun. nov. 19 2018 15:00:43 EST Event: aaaConfig, Status: success, Info: Attribute [secret] of RADIUS server 172.25.7.2 changed (null). switch002 10.1.2.7 Security Event 1 SEC-3016 switch001
Info No lun. nov. 19 2018 15:00:43 EST RADIUS configuration change, action CHANGE, server ID 172.25.7.2. switch002 10.1.2.7 Security Event 1 SEC-1184 switch001
Info No lun. nov. 19 2018 15:00:43 EST RADIUS configuration change, action CHANGE, server ID 172.25.7.2. switch002 10.1.2.7 Security Event 1 SEC-1184 switch001
Info No lun. nov. 19 2018 15:00:41 EST Event: aaaConfig, Status: success, Info: Added RADIUS server 172.25.7.2 for AAA services. switch002 10.136.239.107 Security Event 1 SEC-3014 switch001
Info No lun. nov. 19 2018 15:00:41 EST RADIUS configuration change, action ADD, server ID 172.25.7.2. switch002 10.1.2.7 Security Event 1 SEC-1184 switch001
Info No lun. nov. 19 2018 15:00:41 EST RADIUS configuration change, action ADD, server ID 172.25.7.2. switch002 10.1.2.7 Security Event 1 SEC-1184 switch001
Userlevel 2
Laura,

Please also check if your password contains any special characters. If so, try using an escape character and see if that works:

Password is: P@ss!Word
Enter: P\@ss\!Word

Alternatively, you can attempt to use root/fibranne to login, if the root account is enabled.
Yes, I'm sure the upgrade has finished. I did the upgrade yesterday. I have traps into my SNMP console (access snmp is OK) whose shows this. Every thing works, I dont have problems accessing the servers behind those switches, or connection lost in the network. I only don't have access with the credentials I have.

I can see clearly in the logs from yesterday that admin and super users were changed. But I can't see what is the new password they have. and radius configuration was alse cleared during upgrade.
Userlevel 2
Are you sure that upgrade is completed? If you don't have console to device how do you know that?
It is possible that switch is still booting and "NOS is not ready", but you will see this error only via the console

Reply