Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Removing AAA command

Hi,

I was working on adding a Cisco 6513 to TACACS but ran into trouble.  While I work on the issue offline (recreate and test another switch), I wanted to place this switch on radius temporarily.

For some reason i cant undo/delete the AAA commands in order to point to my radius server.  Below was done via console:

=====================================================

Configuration:  (note I was able to remove all tacacs-server commands)

aaa new-model

aaa authentication login default group tacacs+ enable

=====================================================

Trying to remove or edit the aaa:

C6513(config)#no aaa new-model

Active AAA sessions present

Cannot change to no aaa new-model while sessions still active

C6513(config)#no aaa authentication login default group

%ERROR: Standby doesn't support this

                                        command                                                    

% Invalid input detected at '^' marker.

C6513(config)#aaa authentication login default none

%ERROR: Standby doesn't support this

                                        command                                                             

% Invalid input detected at '^' marker.

=====================================================

I disabled my telemetry port on the Cisco 6513 as a precaution.  The IOS im using is "s72033-advipservicesk9_wan-mz.122-33.SXI5.bin".

Let me know how to remove the AAA authentication statement.  Hope its not intrusive cause i have a customer on the box.

-Mn

Everyone's tags (2)
8 REPLIES
New Member

Removing AAA command

Btw, this was all done via console.

-Mn

New Member

Removing AAA command

If your config was using aaa for console, maybe you need to log out and back in. I know point out the obvious.

New Member

Removing AAA command

Not sure on the response but here is the line con 0 config:

line con 0

exec-timeout 5 0

This was done before anything.  I wanted a 5 minute timeout of console to ensure no active session with console.  This was attempted several times by logging out then back in.

-Mn

New Member

Re: Removing AAA command

Is this a dual supervisor switch. if so, you may be on the standby supervisor.

New Member

Removing AAA command

Just attempted on the standby but getting a standby console disabled. Not sure what to do next without erasing the start-up, then reloading, since i have a customer on this switch.

-Mn

Removing AAA command

Is this 6k a member of a VSS group? If so, you need to be on the MASTER switch consoled into the ACTIVE supervisor.

If this is a standalone switch, connect your console cable to the ACTIVE supervisor and you should be fine...

Kind Regards,

Kevin

**Please remember to rate helpful posts as well as mark the question as 'answered' once your issue is resolved. This will help others to find your solution faster.

Kind Regards, Kevin Sheahan, CCIE # 41349
New Member

Removing AAA command

Hi Kevin,

I tried.  After unable to remove via vty, it was performed via console with no luck.  Console access is on the active SUP.  However, i still cant remove the command.

Mn

New Member

Removing AAA command

I have the same issue on a vg224 Software ver15.1. this has come so close but no one answered it

my case

https://supportforums.cisco.com/thread/2221409

5339
Views
0
Helpful
8
Replies