Removing AAA command

fibernet570 · ‎05-17-2012

Hi,

I was working on adding a Cisco 6513 to TACACS but ran into trouble. While I work on the issue offline (recreate and test another switch), I wanted to place this switch on radius temporarily.

For some reason i cant undo/delete the AAA commands in order to point to my radius server. Below was done via console:

=====================================================

Configuration: (note I was able to remove all tacacs-server commands)

aaa new-model

aaa authentication login default group tacacs+ enable

=====================================================

Trying to remove or edit the aaa:

C6513(config)#no aaa new-model

Active AAA sessions present

Cannot change to no aaa new-model while sessions still active

C6513(config)#no aaa authentication login default group

%ERROR: Standby doesn't support this

command

% Invalid input detected at '^' marker.

C6513(config)#aaa authentication login default none

%ERROR: Standby doesn't support this

command

% Invalid input detected at '^' marker.

=====================================================

I disabled my telemetry port on the Cisco 6513 as a precaution. The IOS im using is "s72033-advipservicesk9_wan-mz.122-33.SXI5.bin".

Let me know how to remove the AAA authentication statement. Hope its not intrusive cause i have a customer on the box.

-Mn

fibernet570 · ‎05-17-2012

Btw, this was all done via console.

-Mn

bret · ‎05-17-2012

If your config was using aaa for console, maybe you need to log out and back in. I know point out the obvious.

fibernet570 · ‎05-17-2012

Not sure on the response but here is the line con 0 config:

line con 0

exec-timeout 5 0

This was done before anything. I wanted a 5 minute timeout of console to ensure no active session with console. This was attempted several times by logging out then back in.

-Mn

bret · ‎05-17-2012

Is this a dual supervisor switch. if so, you may be on the standby supervisor.

fibernet570 · ‎05-17-2012

Just attempted on the standby but getting a standby console disabled. Not sure what to do next without erasing the start-up, then reloading, since i have a customer on this switch.

-Mn

Kevin P Sheahan · ‎05-17-2012

Is this 6k a member of a VSS group? If so, you need to be on the MASTER switch consoled into the ACTIVE supervisor.

If this is a standalone switch, connect your console cable to the ACTIVE supervisor and you should be fine...

Kind Regards,

Kevin

**Please remember to rate helpful posts as well as mark the question as 'answered' once your issue is resolved. This will help others to find your solution faster.

Kind Regards, Kevin Sheahan, CCIE # 41349

fibernet570 · ‎05-17-2012

Hi Kevin,

I tried. After unable to remove via vty, it was performed via console with no luck. Console access is on the active SUP. However, i still cant remove the command.

Mn

Lance Wendel · ‎06-06-2013

I have the same issue on a vg224 Software ver15.1. this has come so close but no one answered it

my case

https://supportforums.cisco.com/thread/2221409