cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1855
Views
5
Helpful
2
Replies
Highlighted
Beginner

server either belongs to a group in use or default group - Tacacs

I need to remove one of the tacacs-server hosts from our devices but am getting the above error when I try.

 

Current config

 

aaa group server tacacs+ test

  server 1.1.1.1

  server 1.1.1.2

aaa authentication login default group test

aaa authentication login console local

aaa authorization commands default group test

 

Desired config:

as above, but replace server 1.1.1.2 with 1.1.1.3

 

Steps to reproduce error:

host# conf t

host(config)# aaa group server tacacs+ test

host(config-tacacs+)# no tacacs-server host 1.1.1.2  {I have also tried with no server 1.1.1.2} 

server either belongs to group in use or default group
configuration for 1.1.1.2 could not be removed

 

Is there a way to get around this or is the only choice to remove AAA (which I'd rather not do and risk getting locked out)?

thanks in advance. This is on a Nexus 5500 series, I have several devices which could be running 5.*, 6.* or 7.*

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Engager

To avoid risk of being locked out change your exec-timeout on VTY lines to 0. Remove AAA statement, update server as desired, re-add AAA statement, change back exec-timeout.

View solution in original post

2 REPLIES 2
Highlighted
VIP Engager

To avoid risk of being locked out change your exec-timeout on VTY lines to 0. Remove AAA statement, update server as desired, re-add AAA statement, change back exec-timeout.

View solution in original post

Highlighted
Cisco Employee

I agreed with what Mike.Cifelli said. This looks similar to Solved: Cannot remove radius server from Nexus - Cisco Community