cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
870
Views
0
Helpful
3
Replies

AAA new-model

Hello

While trying to change the TACACS server I entered

no aaa-new model  before removing aaa authorization exec default group tacacs+ local

 

I saved the config so now I can not enter aaa-new model because the router output is Authorization failed

 

My question is if there is anyway to configure again the TACACS remotely. I have access through a login local with priviledge 15

 

 

The router is a cisco 2801 ver 12.4

I entered no service config because I thought this might have to do with the above issue.

%SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/cisconet.cfg) failed

regards

3 Replies 3

nspasov
Cisco Employee
Cisco Employee

Hello Alejandro-

I am a bit confused on the issue that you are having and the question that you are asking:

1. If you issue "no aaa new-model" then any aaa related commands should be removed from the switch. Thus, the "aaa authorization exec..." command should no longer be part of your running config

2. If for some reason the authorization command is still in place then you should be able to configure the device once you are re-logged in via the local user. This should be possible because you have "local" at the end of your command which will instruct the router to check the local database if the AAA server is unavailable. 

I hope this helps!

 

Thank  you for rating helpful posts!

Hello Neno

 

The problem is that when I reenter aaa new-model for the new TACACS configuration the command

aaa authorization exec default group tacacs+ local of the previous configuration becomes active

and the router wont let me enter any configuration with an Authorization failed

Are you getting the authorization failure due to the TACACS server response? Then you should block TACACS+ traffic with an ACL temporarily.