05-17-2012 09:29 AM - edited 03-07-2019 06:45 AM
Hi,
I was working on adding a Cisco 6513 to TACACS but ran into trouble. While I work on the issue offline (recreate and test another switch), I wanted to place this switch on radius temporarily.
For some reason i cant undo/delete the AAA commands in order to point to my radius server. Below was done via console:
=====================================================
Configuration: (note I was able to remove all tacacs-server commands)
aaa new-model
aaa authentication login default group tacacs+ enable
=====================================================
Trying to remove or edit the aaa:
C6513(config)#no aaa new-model
Active AAA sessions present
Cannot change to no aaa new-model while sessions still active
C6513(config)#no aaa authentication login default group
%ERROR: Standby doesn't support this
command
% Invalid input detected at '^' marker.
C6513(config)#aaa authentication login default none
%ERROR: Standby doesn't support this
command
% Invalid input detected at '^' marker.
=====================================================
I disabled my telemetry port on the Cisco 6513 as a precaution. The IOS im using is "s72033-advipservicesk9_wan-mz.122-33.SXI5.bin".
Let me know how to remove the AAA authentication statement. Hope its not intrusive cause i have a customer on the box.
-Mn
05-17-2012 09:31 AM
Btw, this was all done via console.
-Mn
05-17-2012 09:56 AM
If your config was using aaa for console, maybe you need to log out and back in. I know point out the obvious.
05-17-2012 10:04 AM
Not sure on the response but here is the line con 0 config:
line con 0
exec-timeout 5 0
This was done before anything. I wanted a 5 minute timeout of console to ensure no active session with console. This was attempted several times by logging out then back in.
-Mn
05-17-2012 10:07 AM
Is this a dual supervisor switch. if so, you may be on the standby supervisor.
05-17-2012 12:17 PM
Just attempted on the standby but getting a standby console disabled. Not sure what to do next without erasing the start-up, then reloading, since i have a customer on this switch.
-Mn
05-17-2012 04:42 PM
Is this 6k a member of a VSS group? If so, you need to be on the MASTER switch consoled into the ACTIVE supervisor.
If this is a standalone switch, connect your console cable to the ACTIVE supervisor and you should be fine...
Kind Regards,
Kevin
**Please remember to rate helpful posts as well as mark the question as 'answered' once your issue is resolved. This will help others to find your solution faster.
05-17-2012 06:26 PM
Hi Kevin,
I tried. After unable to remove via vty, it was performed via console with no luck. Console access is on the active SUP. However, i still cant remove the command.
Mn
06-06-2013 05:53 AM
I have the same issue on a vg224 Software ver15.1. this has come so close but no one answered it
my case
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: