roll back operation : AAA deployment

xine xine
Level 1

Hi !

We plan to deploy the AAA function on our production network. As requested by our policy (and by any good practice), I had to plan a rollback plan in case of problems. After deploying the commands on our core Catalyst switch in the lab and successfully authenticating my user session, it looks like it is impossible to roll back and disable the AAA function without reloading the switch.

When I use the command

no aaa new-model
Active AAA sessions present
Cannot change to no aaa new-model while sessions still active

Before I issued this command I had removed all other AAA commands from the configuration. I know that if we reload the switch I will be able to remove the aaa new-model command. I would like to avoid reloading the switch to undeploy this command. Could someone help me?

7 Replies

Panos Kampanakis
Cisco Employee

This relates to defect CSCsu32327 and I am afraid there is nothing to do to get rid of it other than rebooting.

The disabling of aaa new model has been deprecated.  New-model is a superset of old-model which is 15 years old. 

I hope it helps.

PK

Hi !

I searched the Bug Toolkit to view a description and patch availability for this issue. That bug is not available to the public; only Cisco employees can view this bug description... Is there some special reason for this?

Is a patch planned to be available?

Thanks a lot

It is already fixed in 12.2(33)SXI02.

So I guess an upgrade would fix it. But an upgrade would still reboot the switch.

So either of them will solve your problem.

I apologize for the bug not being external. The reason is that this is mostly a command design issue to fix since the command needs to be deprecated.

I hope it helps.

PK

Hi !

Our 6509 is currently running IOS s72033-ipservicesk9_wan-mz.122-33.SXI2a.bin, so it looks like it is not fixed already? Or am I misunderstanding something in the IOS version naming...

Hmm, 2a is not the same as .2.

The command should be deprecated so if it exists in .2a probably it was not integrated in it, I believe.

PK

I know, but isn't 2a supposed to include all the patches in 2? Should I open a case with the TAC for that issue?

I guess they are the only ones that can verify for sure.

PK
