Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
509
Views
0
Helpful
1
Replies

software upgrade for ISR4331

crunyon99
Level 1
Level 1

‎01-06-2022 12:08 PM

So my ISR4331 ver 9.16.09.05 is up for an upgrade to 16.12.03. Currently this switch has aaa and tacacs server configured. It seems the syntax for tacacs-server will change, which means after reboot I would not be able to reach tacacs servers. 

I currently do have local username configured. I was wondering if I would be able to apply changes from 

tacacs-server host 98.8.137.58
tacacs-server host 98.8.169.58
tacacs-server key 7 <password>

to 

tacacs-server host 98.8.137.58 key 7 <password>
tacacs-server host 98.8.169.58 key 7 <password>

prior to reboot, or would I get a command authorization denied, once I remove tacacs servers? Or can I add the new config first, and then remove old config? 

Thanks

Labels:
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎01-06-2022 12:51 PM

Make sure your local account working as expected, Do not write the config (or lock yourself to reset the factory reset to recovery)

 

if the Local account working,. then you can remove AAA config and add new AAA config, as long as it has fall back to local authentication.,

 

Once AAA working then write config, if anything go wrong you can reboot the device to get back to old known good config.

 

here AAA reference :

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_tacacs/configuration/xe-16-12/sec-usr-tacacs-xe-16-12-book/sec-cfg-tacacs.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card