Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12716
Views
25
Helpful
3
Replies

Cannot remove radius server from Nexus

Go to solution
craig.petty
Level 1
Level 1

‎11-19-2014 09:32 AM - edited ‎03-10-2019 10:11 PM

I'm trying to remove a radius server from a nexus switch, but it won't allow me.

 

My config

aaa authentication login default group radius 
no aaa user default-role 
aaa authentication login error-enable 
aaa authentication login mschapv2 enable 
radius-server key 7 "xxxxxxxxxx"
radius-server host 10.14.206.209 authentication accounting 
radius-server host 10.14.206.210 authentication accounting


When I try to remove a server

Nexus3K(config)# no radius-server host 10.14.206.210 authentication accounting
As this operation causes both accounting and authentication to be disabled for the server, it is denied.​

Or

Nexus3K(config)# no radius-server host 10.14.206.210 
server either belongs to group in use or default group
configuration for 10.14.206.210 could not be removed

 

I also tried doing a "no aaa authentication login default group radius" to disable radius authentication, and then removing the radius server, but that didn't work.

What am I doing wrong?  thanks

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Robenneke
Level 1
Level 1

‎11-19-2014 12:50 PM

Hi,

 

Don't exactly know if this is the right way but tested it and managed to delete the radius server:

Enter configuration commands, one per line.  End with CNTL/Z.
N7K-2(config)# aaa authentication login default group radius
N7K-2(config)# no aaa user default-role
N7K-2(config)# aaa authentication login error-enable
N7K-2(config)# aaa authentication login mschapv2 enable
N7K-2(config)# radius-server key 7 "xxxxxxxxxx"
N7K-2(config)# radius-server host 10.14.206.209 authentication accounting
N7K-2(config)# radius-server host 10.14.206.210 authentication accounting
N7K-2(config)#
N7K-2(config)#
N7K-2(config)# end
N7K-2#
N7K-2# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
N7K-2(config)# no radius-server host 10.14.206.210 authentication accounting
As this operation causes both accounting and authentication to be disabled for the server, it is denied.
N7K-2(config)#
N7K-2(config)# no  aaa authentication login default group radius
N7K-2(config)#
N7K-2(config)# no  radius-server host 10.14.206.210
N7K-2(config)#
N7K-2(config)#  aaa authentication login default group radius
N7K-2(config)#
N7K-2(config)#
N7K-2(config)# sh run | i radius
radius-server key 7 "xxxxxxxxxx"
radius-server host 10.14.206.209 authentication accounting
aaa authentication login default group radius
N7K-2(config)#
N7K-2(config)# sh run | i aaa
aaa authentication login default group radius
no aaa user default-role
aaa authentication login error-enable
aaa authentication login mschapv2 enable
N7K-2(config)#

 

Kind regards...

 

View solution in original post

3 Replies 3

Go to solution
Robenneke
Level 1
Level 1

‎11-19-2014 12:50 PM

Hi,

 

Don't exactly know if this is the right way but tested it and managed to delete the radius server:

Enter configuration commands, one per line.  End with CNTL/Z.
N7K-2(config)# aaa authentication login default group radius
N7K-2(config)# no aaa user default-role
N7K-2(config)# aaa authentication login error-enable
N7K-2(config)# aaa authentication login mschapv2 enable
N7K-2(config)# radius-server key 7 "xxxxxxxxxx"
N7K-2(config)# radius-server host 10.14.206.209 authentication accounting
N7K-2(config)# radius-server host 10.14.206.210 authentication accounting
N7K-2(config)#
N7K-2(config)#
N7K-2(config)# end
N7K-2#
N7K-2# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
N7K-2(config)# no radius-server host 10.14.206.210 authentication accounting
As this operation causes both accounting and authentication to be disabled for the server, it is denied.
N7K-2(config)#
N7K-2(config)# no  aaa authentication login default group radius
N7K-2(config)#
N7K-2(config)# no  radius-server host 10.14.206.210
N7K-2(config)#
N7K-2(config)#  aaa authentication login default group radius
N7K-2(config)#
N7K-2(config)#
N7K-2(config)# sh run | i radius
radius-server key 7 "xxxxxxxxxx"
radius-server host 10.14.206.209 authentication accounting
aaa authentication login default group radius
N7K-2(config)#
N7K-2(config)# sh run | i aaa
aaa authentication login default group radius
no aaa user default-role
aaa authentication login error-enable
aaa authentication login mschapv2 enable
N7K-2(config)#

 

Kind regards...

 

Go to solution
craig.petty
Level 1
Level 1

‎11-19-2014 01:46 PM

Thanks, that worked.  I thought I had tried that, but I must have done this instead.

Nexus3K(config)# no aaa authentication login default group radius 
Nexus3K(config)# no radius-server host 10.14.206.210 authentication accounting
As this operation causes both accounting and authentication to be disabled for the server, it is denied.

 

If I remove the "authentication accounting" from my commend, then it works fine.

 

0 Helpful

Go to solution
Logan Kampsnider
Level 1
Level 1
In response to craig.petty

‎07-23-2015 07:46 AM

I had this problem and removing the "aaa authentication login default group radius", as well as any other radius-related commands, did not work. I also verified that the default accounting and authentication mechanism was "local." 

After some troubleshooting I found that you can remove the radius-server configurations by simply trying to only remove the host IP portion. So, instead of typing this:

no radius-server host 10.14.206.210 authentication accounting

you would type this:

no radius-server host 10.14.206.210

It worked for me. May help others.

 

Thanks,

 

Logan

Customers Also Viewed These Support Documents