Hello Alejandro-I am a bit

Alejandro Manuel Rodriguez Daumy · ‎02-09-2015

Hello

While trying to change the TACACS server I entered

no aaa-new model before removing aaa authorization exec default group tacacs+ local

I saved the config so now I can not enter aaa-new model because the router output is Authorization failed

My question is if there is anyway to configure again the TACACS remotely. I have access through a login local with priviledge 15

The router is a cisco 2801 ver 12.4

I entered no service config because I thought this might have to do with the above issue.

%SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/cisconet.cfg) failed

regards

nspasov · ‎02-09-2015

Hello Alejandro-

I am a bit confused on the issue that you are having and the question that you are asking:

1. If you issue "no aaa new-model" then any aaa related commands should be removed from the switch. Thus, the "aaa authorization exec..." command should no longer be part of your running config

2. If for some reason the authorization command is still in place then you should be able to configure the device once you are re-logged in via the local user. This should be possible because you have "local" at the end of your command which will instruct the router to check the local database if the AAA server is unavailable.

I hope this helps!

Thank you for rating helpful posts!

Alejandro Manuel Rodriguez Daumy · ‎02-10-2015

Hello Neno

The problem is that when I reenter aaa new-model for the new TACACS configuration the command

aaa authorization exec default group tacacs+ local of the previous configuration becomes active

and the router wont let me enter any configuration with an Authorization failed

Peter Koltl · ‎02-15-2015

Are you getting the authorization failure due to the TACACS server response? Then you should block TACACS+ traffic with an ACL temporarily.

AAA new-model