12-02-2020 04:03 AM
hi,
is there a "quick" way to completely remove AAA in a device? like a "default" command used in a switch port?
if i just do a "no aaa new-model" and then re-added it back, all AAA config lines were back.
CSRv(config)#no aaa new-model
Changing configuration back to no aaa new-model is not supported.
Continue?[confirm]
CSRv(config)#
CSRv(config)#do sh run | s aaa
no aaa new-model
CSRv(config)#
CSRv(config)#aaa new-model
CSRv(config)#
CSRv(config)#do sh run | s aaa
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization network default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
Solved! Go to Solution.
12-02-2020 04:27 AM
Hello,
you need to manually remove the commands first, I don't think there is one command to clear all lines from a previous aaa new-model.
So first, negate the existing commands:
no aaa authentication login default group tacacs+ local
no aaa authentication enable default group tacacs+ enable
no aaa authorization exec default group tacacs+ local
no aaa authorization commands 1 default group tacacs+ if-authenticated
no aaa authorization commands 15 default group tacacs+ if-authenticated
no aaa authorization network default group tacacs+ local
no aaa accounting exec default start-stop group tacacs+
no aaa accounting commands 1 default start-stop group tacacs+
no aaa accounting commands 15 default start-stop group tacacs+
no aaa accounting network default start-stop group tacacs+
no aaa accounting system default start-stop group tacacs+
Then, execute 'no aaa new-model'. Then, when you add another 'aaa new-model', the configuration will be empty.
12-02-2020 04:09 AM
short answer no - but removing aaa new-model is removing aaa config, other config will not have any effect since you removed global config. - is this make sense ?
12-02-2020 04:27 AM
Hello,
you need to manually remove the commands first, I don't think there is one command to clear all lines from a previous aaa new-model.
So first, negate the existing commands:
no aaa authentication login default group tacacs+ local
no aaa authentication enable default group tacacs+ enable
no aaa authorization exec default group tacacs+ local
no aaa authorization commands 1 default group tacacs+ if-authenticated
no aaa authorization commands 15 default group tacacs+ if-authenticated
no aaa authorization network default group tacacs+ local
no aaa accounting exec default start-stop group tacacs+
no aaa accounting commands 1 default start-stop group tacacs+
no aaa accounting commands 15 default start-stop group tacacs+
no aaa accounting network default start-stop group tacacs+
no aaa accounting system default start-stop group tacacs+
Then, execute 'no aaa new-model'. Then, when you add another 'aaa new-model', the configuration will be empty.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide