Hello,
I have a Cisco 9600 device in the network with aaa configure as below. Right now all access to the device require aaa authentication. I am going for a migration where I will have to change the management interface from current vlan 995 to loopback interface, Since i will have to change ip tacacs source-interface and ssh source interface I have a fear for losing remote access. So i am planning to create a new username with secret for the change and i need to change the AAA authentication from remote to local. Can you please suggest what changes will accomplish this? Is there any other option to do this without loosing remote/console access to the box
username Admin privilege 15 secret xxxx
Switch#sh run | sec aaa
aaa new-model
aaa local authentication attempts max-fail 3
aaa group server tacacs+ KCOM
server-private 10.x.x.x key 7 xxxxxxxxxxxxxxxxxxxxxxxxx
server-private 10.x.x.y key 7 xxxxxxxxxxxxxxxxxxxxxxxxx
ip vrf forwarding Corp
ip tacacs source-interface Vlan995
aaa authentication login default group tacacs+ group ZZZ line
aaa authentication enable default group ZZZ enable line
aaa accounting exec default start-stop group ZZZ
aaa accounting commands 15 default start-stop group ZZZ
aaa accounting network default start-stop group ZZZ
aaa session-id common
line con 0
password 7 xxxx
stopbits 1
line aux 0
line vty 0 4
exec-timeout 30 0
password 7 xxxxx
