cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10457
Views
25
Helpful
3
Replies

Cannot remove radius server from Nexus

craig.petty
Beginner
Beginner

I'm trying to remove a radius server from a nexus switch, but it won't allow me.

 

My config

aaa authentication login default group radius 
no aaa user default-role 
aaa authentication login error-enable 
aaa authentication login mschapv2 enable 
radius-server key 7 "xxxxxxxxxx"
radius-server host 10.14.206.209 authentication accounting 
radius-server host 10.14.206.210 authentication accounting 


When I try to remove a server

Nexus3K(config)# no radius-server host 10.14.206.210 authentication accounting
As this operation causes both accounting and authentication to be disabled for the server, it is denied.​

Or

Nexus3K(config)# no radius-server host 10.14.206.210 
server either belongs to group in use or default group
configuration for 10.14.206.210 could not be removed

 

I also tried doing a "no aaa authentication login default group radius" to disable radius authentication, and then removing the radius server, but that didn't work.

What am I doing wrong?  thanks

1 Accepted Solution

Accepted Solutions

Robenneke
Beginner
Beginner

Hi,

 

Don't exactly know if this is the right way but tested it and managed to delete the radius server:

Enter configuration commands, one per line.  End with CNTL/Z.
N7K-2(config)# aaa authentication login default group radius
N7K-2(config)# no aaa user default-role
N7K-2(config)# aaa authentication login error-enable
N7K-2(config)# aaa authentication login mschapv2 enable
N7K-2(config)# radius-server key 7 "xxxxxxxxxx"
N7K-2(config)# radius-server host 10.14.206.209 authentication accounting
N7K-2(config)# radius-server host 10.14.206.210 authentication accounting
N7K-2(config)#
N7K-2(config)#
N7K-2(config)# end
N7K-2#
N7K-2# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
N7K-2(config)# no radius-server host 10.14.206.210 authentication accounting
As this operation causes both accounting and authentication to be disabled for the server, it is denied.
N7K-2(config)#
N7K-2(config)# no  aaa authentication login default group radius
N7K-2(config)#
N7K-2(config)# no  radius-server host 10.14.206.210
N7K-2(config)#
N7K-2(config)#  aaa authentication login default group radius
N7K-2(config)#
N7K-2(config)#
N7K-2(config)# sh run | i radius
radius-server key 7 "xxxxxxxxxx"
radius-server host 10.14.206.209 authentication accounting
aaa authentication login default group radius
N7K-2(config)#
N7K-2(config)# sh run | i aaa
aaa authentication login default group radius
no aaa user default-role
aaa authentication login error-enable
aaa authentication login mschapv2 enable
N7K-2(config)#

 

Kind regards...

 

View solution in original post

3 Replies 3

Robenneke
Beginner
Beginner

Hi,

 

Don't exactly know if this is the right way but tested it and managed to delete the radius server:

Enter configuration commands, one per line.  End with CNTL/Z.
N7K-2(config)# aaa authentication login default group radius
N7K-2(config)# no aaa user default-role
N7K-2(config)# aaa authentication login error-enable
N7K-2(config)# aaa authentication login mschapv2 enable
N7K-2(config)# radius-server key 7 "xxxxxxxxxx"
N7K-2(config)# radius-server host 10.14.206.209 authentication accounting
N7K-2(config)# radius-server host 10.14.206.210 authentication accounting
N7K-2(config)#
N7K-2(config)#
N7K-2(config)# end
N7K-2#
N7K-2# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
N7K-2(config)# no radius-server host 10.14.206.210 authentication accounting
As this operation causes both accounting and authentication to be disabled for the server, it is denied.
N7K-2(config)#
N7K-2(config)# no  aaa authentication login default group radius
N7K-2(config)#
N7K-2(config)# no  radius-server host 10.14.206.210
N7K-2(config)#
N7K-2(config)#  aaa authentication login default group radius
N7K-2(config)#
N7K-2(config)#
N7K-2(config)# sh run | i radius
radius-server key 7 "xxxxxxxxxx"
radius-server host 10.14.206.209 authentication accounting
aaa authentication login default group radius
N7K-2(config)#
N7K-2(config)# sh run | i aaa
aaa authentication login default group radius
no aaa user default-role
aaa authentication login error-enable
aaa authentication login mschapv2 enable
N7K-2(config)#

 

Kind regards...

 

craig.petty
Beginner
Beginner

Thanks, that worked.  I thought I had tried that, but I must have done this instead.

Nexus3K(config)# no aaa authentication login default group radius 
Nexus3K(config)# no radius-server host 10.14.206.210 authentication accounting
As this operation causes both accounting and authentication to be disabled for the server, it is denied.

 

If I remove the "authentication accounting" from my commend, then it works fine.

 

I had this problem and removing the "aaa authentication login default group radius", as well as any other radius-related commands, did not work. I also verified that the default accounting and authentication mechanism was "local." 

After some troubleshooting I found that you can remove the radius-server configurations by simply trying to only remove the host IP portion. So, instead of typing this:

no radius-server host 10.14.206.210 authentication accounting

you would type this:

no radius-server host 10.14.206.210

It worked for me. May help others.

 

Thanks,

 

Logan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: