Solved: Re: Removing AAA from a 9500 switch

chad.parish · ‎08-06-2022

I have a 9500 switch with just AAA new model configured, nothing else.

I want to remove it so that I can then configure login local under the VTY lines. Can this be done and does it require a reboot? Or is it easier to just globally configure the below commands (Note username and password are configured globally with privelge 15)

aaa authentication login default local
aaa authorization exec default local

Tim Glen · ‎08-06-2022

Hey Chad,

> Would it kick me out before I could configure login local under the VTY lines?

No , you won't get booted off the switch.

> no aaa new-model

It's been a while but I **believe** you will get an prompt stating that isn't supported. If you choose to go past that prompt 'unexpected results may occur'.

Hope this helps.

View solution in original post

Tim Glen · ‎08-06-2022

Instead of using default I prefer using method lists to tie things together. Here is a AAA config that will accomplish your goals.



!
aaa new-model
!
aaa authentication login CON-LOCAL local
aaa authorization exec CON-LOCAL local
aaa authorization console
!
!
line con 0
login authentication CON-LOCAL
authorization exec CON-LOCAL
!
line vty 0 15
login authentication CON-LOCAL
authorization exec CON-LOCAL
!
end
!

chad.parish · ‎08-06-2022

I like that, thank you, however out of curiosity what happens if I just put in no aaa new-model, since the only AAA config present is aaa new-model.

Would it kick me out before I could configure login local under the VTY lines? And can I even config login-local or is it just login after configuring no aaa new-model?

Tim Glen · ‎08-06-2022