https://community.cisco.com/t5/network-access-control/aaa-new-model/m-p/2639107#M74628 <P>Hello</P><P>While trying to change the TACACS server I entered</P><P>no aaa-new model&nbsp; before removing aaa authorization exec default group tacacs+ local</P><P>&nbsp;</P><P>I saved the config so now I can not enter<STRONG> aaa-new model</STRONG> because the router output is <STRONG>Authorization failed</STRONG></P><P>&nbsp;</P><P>My question is if there is anyway to configure again the TACACS remotely. I have access through a login local with priviledge 15</P><P>&nbsp;</P><P>&nbsp;</P><P>The router is a cisco 2801 ver 12.4</P><P>I entered no service config because I thought this might have to do with the above issue.</P><P>%SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/cisconet.cfg) failed</P><P>regards</P> Mon, 11 Mar 2019 05:26:01 GMT Alejandro Manuel Rodriguez Daumy 2019-03-11T05:26:01Z https://community.cisco.com/t5/network-access-control/aaa-new-model/m-p/2639107#M74628 <P>Hello</P><P>While trying to change the TACACS server I entered</P><P>no aaa-new model&nbsp; before removing aaa authorization exec default group tacacs+ local</P><P>&nbsp;</P><P>I saved the config so now I can not enter<STRONG> aaa-new model</STRONG> because the router output is <STRONG>Authorization failed</STRONG></P><P>&nbsp;</P><P>My question is if there is anyway to configure again the TACACS remotely. I have access through a login local with priviledge 15</P><P>&nbsp;</P><P>&nbsp;</P><P>The router is a cisco 2801 ver 12.4</P><P>I entered no service config because I thought this might have to do with the above issue.</P><P>%SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/cisconet.cfg) failed</P><P>regards</P> Mon, 11 Mar 2019 05:26:01 GMT https://community.cisco.com/t5/network-access-control/aaa-new-model/m-p/2639107#M74628 Alejandro Manuel Rodriguez Daumy 2019-03-11T05:26:01Z https://community.cisco.com/t5/network-access-control/aaa-new-model/m-p/2639108#M74629 <P>Hello Alejandro-</P><P>I am a bit confused on the issue that you are having and the question that you are asking:</P><P>1. If you issue "no aaa new-model" then any aaa related commands should be removed from the switch. Thus, the "aaa authorization exec..." command should no longer be part of your running config</P><P>2. If for some reason the authorization command is still in place then you should be able to configure the device once you are re-logged in via the local user. This should be possible because you have "local" at the end of your command which will instruct the router to check the local database if the AAA server is unavailable.&nbsp;</P><P>I hope this helps!</P><P>&nbsp;</P><P><EM>Thank &nbsp;you for rating helpful posts!</EM></P> Tue, 10 Feb 2015 04:45:50 GMT https://community.cisco.com/t5/network-access-control/aaa-new-model/m-p/2639108#M74629 nspasov 2015-02-10T04:45:50Z https://community.cisco.com/t5/network-access-control/aaa-new-model/m-p/2639109#M74630 <P>Hello Neno</P><P>&nbsp;</P><P>The problem is that when I reenter aaa new-model for the new TACACS configuration the command</P><P>aaa authorization exec default group tacacs+ local of the previous configuration becomes active</P><P>and the router wont let me enter any configuration with an<STRONG> Authorization failed</STRONG></P> Tue, 10 Feb 2015 15:36:21 GMT https://community.cisco.com/t5/network-access-control/aaa-new-model/m-p/2639109#M74630 Alejandro Manuel Rodriguez Daumy 2015-02-10T15:36:21Z https://community.cisco.com/t5/network-access-control/aaa-new-model/m-p/2639110#M74631 <P>Are you getting the authorization failure due to the TACACS server response? Then you should block TACACS+ traffic with an ACL temporarily.</P> Sun, 15 Feb 2015 19:18:24 GMT https://community.cisco.com/t5/network-access-control/aaa-new-model/m-p/2639110#M74631 Peter Koltl 2015-02-15T19:18:24Z