11-19-2014 09:32 AM - edited 03-10-2019 10:11 PM
I'm trying to remove a radius server from a nexus switch, but it won't allow me.
My config
aaa authentication login default group radius
no aaa user default-role
aaa authentication login error-enable
aaa authentication login mschapv2 enable
radius-server key 7 "xxxxxxxxxx"
radius-server host 10.14.206.209 authentication accounting
radius-server host 10.14.206.210 authentication accounting
When I try to remove a server
Nexus3K(config)# no radius-server host 10.14.206.210 authentication accounting
As this operation causes both accounting and authentication to be disabled for the server, it is denied.
Or
Nexus3K(config)# no radius-server host 10.14.206.210
server either belongs to group in use or default group configuration for 10.14.206.210 could not be removed
I also tried doing a "no aaa authentication login default group radius" to disable radius authentication, and then removing the radius server, but that didn't work.
What am I doing wrong? Thanks
11-19-2014 12:50 PM
Hi,
Don't exactly know if this is the right way but tested it and managed to delete the radius server:
Enter configuration commands, one per line. End with CNTL/Z.
N7K-2(config)# aaa authentication login default group radius
N7K-2(config)# no aaa user default-role
N7K-2(config)# aaa authentication login error-enable
N7K-2(config)# aaa authentication login mschapv2 enable
N7K-2(config)# radius-server key 7 "xxxxxxxxxx"
N7K-2(config)# radius-server host 10.14.206.209 authentication accounting
N7K-2(config)# radius-server host 10.14.206.210 authentication accounting
N7K-2(config)#
N7K-2(config)#
N7K-2(config)# end
N7K-2#
N7K-2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
N7K-2(config)# no radius-server host 10.14.206.210 authentication accounting
As this operation causes both accounting and authentication to be disabled for the server, it is denied.
N7K-2(config)#
N7K-2(config)# no aaa authentication login default group radius
N7K-2(config)#
N7K-2(config)# no radius-server host 10.14.206.210
N7K-2(config)#
N7K-2(config)# aaa authentication login default group radius
N7K-2(config)#
N7K-2(config)#
N7K-2(config)# sh run | i radius
radius-server key 7 "xxxxxxxxxx"
radius-server host 10.14.206.209 authentication accounting
aaa authentication login default group radius
N7K-2(config)#
N7K-2(config)# sh run | i aaa
aaa authentication login default group radius
no aaa user default-role
aaa authentication login error-enable
aaa authentication login mschapv2 enable
N7K-2(config)#
Kind regards...
11-19-2014 01:46 PM
Thanks, that worked. I thought I had tried that, but I must have done this instead.
Nexus3K(config)# no aaa authentication login default group radius
Nexus3K(config)# no radius-server host 10.14.206.210 authentication accounting
As this operation causes both accounting and authentication to be disabled for the server, it is denied.
If I remove the "authentication accounting" from my command, then it works fine.
07-23-2015 07:46 AM
I had this problem and removing the "aaa authentication login default group radius", as well as any other radius-related commands, did not work. I also verified that the default accounting and authentication mechanism was "local."
After some troubleshooting I found that you can remove the radius-server configurations by simply trying to only remove the host IP portion. So, instead of typing this:
no radius-server host 10.14.206.210 authentication accounting
you would type this:
no radius-server host 10.14.206.210
It worked for me. May help others.
Thanks,
Logan