04-17-2024 03:43 AM
I wanted to test a local account on a Nexus switch and bypass the radius (ssh)connection.
To do so, I add the aaa authentication login default local
I am now able to access the local account but I wanna get back to the previous configuration.
When I enter no aaa aaa authentication login default local , it says
"can not disable 'local' method for authentication "
Any clue?
04-17-2024 04:34 AM
- Check logs on the nexus just after that error (too) ; the reason for the error could be that the current administrative user was authenticated via the local method. In general however I would not advise to remove that command because it is an important fallback method to keep having access to the device if the remote authenticating servers become unreachable ,
M.
04-17-2024 05:58 AM
thank you @marce1000
I did kept the command and from that locaI, I was able to reinstall the aaa authentication login default group radius
I now have access to ssh login again.
However, I still cant access to one device per ssh and localaccount anymore
04-17-2024 06:01 AM
- Not directly ; you will have to scrutinize and compare the configuration (differences) then between the devices (e.g.)
M.
04-22-2024 04:15 AM
@marce1000 in fact, the switches had a previously configured admin account.
I was able to connect successfully using this account on the console port.
I reinstalled the services aaa authentication login default group radius which allowed me to reconnect using ssh.
Thanks for your information
04-22-2024 04:33 AM
- Good to know , but I would still advise to keep a local fallback method in place ,
M.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide