Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1977
Views
0
Helpful
1
Replies

Removing AAA config while sshing or telnet

Go to solution
enzo80
Level 1
Level 1

‎11-30-2021 01:33 AM

I require to remove AAA configuration and put back again after complete my activity,

Can you please guide me, what would be the best way to remove it. My worries is, when I remove beow command at any point of time, Will it throw an error "command authorzation failed"..? Quick/correct answers much apreciated..:-)

 

 

 

Correct me, in this below order I shall remove or which one shl good

 

no aaa authentication enable console MYTACACS LOCAL

no aaa authentication http console MYTACACS LOCAL

no aaa authentication serial console MYTACACS LOCAL

no aaa authentication ssh console MYTACACS LOCAL

no aaa authentication telnet console MYTACACS LOCAL

no aaa authorization command MYTACACS LOCAL

no aaa accounting enable console MYTACACS

no aaa accounting serial console MYTACACS

no aaa accounting ssh console MYTACACS

no aaa accounting telnet console MYTACACS

no aaa accounting command privilege 15 MYTACACS

 

 

no aaa-server MYTACACS protocol tacacs+

no aaa-server MYTACACS (inside) host 192.168.1.212

no aaa-server MYTACACS (inside) host 192.168.1.213

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
PradeepSingh
Level 1
Level 1

‎11-30-2021 04:36 AM

Your worries are correct  

 

First remove all command authorization from AAA config. 

 

no aaa authorization command MYTACACS LOCAL

 

After this you can remove rest AAA configuration from device and device will not throw authorization error.

 

 

After command authorization from external AAA is disabled, now its the user priviliege which is getting assigned from AAA will be deciding factor for switch to authorize commands locally.

 

Before logging out you need to make sure you have valid local user and password for the device.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
PradeepSingh
Level 1
Level 1

‎11-30-2021 04:36 AM

Your worries are correct  

 

First remove all command authorization from AAA config. 

 

no aaa authorization command MYTACACS LOCAL

 

After this you can remove rest AAA configuration from device and device will not throw authorization error.

 

 

After command authorization from external AAA is disabled, now its the user priviliege which is getting assigned from AAA will be deciding factor for switch to authorize commands locally.

 

Before logging out you need to make sure you have valid local user and password for the device.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents