11-30-2021 10:57 AM - edited 11-30-2021 11:13 AM
I entered the command while labbing in EVE-NG:
#no aaa new-model
Changing configuration back to no aaa new-model is not supported.
Continue?[confirm]
It removed all commands from the switch, anything that contains aaa, even under the line vty. I thought it would not work, and issuing the command didn't disconnect me from the SSH session. My question is: does this happen with real equipment too? Or will I get kicked from the SSH/telnet session once I do the no aaa new-model command?
I tried it with and without if-authenticated, TACACS+ device ISE.
11-30-2021 11:53 AM
Personally, I do not believe no aaa new-model deletes the active session, but I am sure a new session will not be able to log in, and it will lock out, if you do not have a fallback for login.
12-01-2021 01:09 AM
I am a bit surprised about this message "Changing configuration back to no aaa new-model is not supported." I agree that this would be a drastic change, and probably not advised. But "not supported" is unexpected.
Apparently you did it and it worked.
And you seem surprised that it impacted the vty lines: "it removed all commands from switch anything that contains aaa even under the line vty". Why would you not expect this? aaa new-model is the global enabler for aaa processing. If you remove the global enabler, why would you expect any aaa commands to not be impacted?
You ask "my question is does this happen with real equipment too?" I would certainly expect that it would happen with real equipment.
We do not know any details of your configuration, especially whether there were any commands for legacy processing (such as login local or a password configured on the vty) that would support connections without using aaa.
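An added example, not part of the thread and not any poster's configuration: a pre-change check that reads a saved configuration and reports, for each vty block, which legacy login method would remain once the AAA sub-commands are gone. It assumes a vty line then accepts new logins only through the legacy commands still present in its block (`login local` with a `username`, or a line `password`); the sample config, names and passwords are constructed.

```python
# Constructed sample running-config (not taken from the thread).
SAMPLE = """\
aaa new-model
aaa authentication login VTY-AUTH group tacacs+ local
username labadmin privilege 15 secret 0 ConstructedExample
line vty 0 4
 login authentication VTY-AUTH
 transport input ssh
line vty 5 15
 password ConstructedLinePw
 login authentication VTY-AUTH
"""

# Line sub-commands that depend on AAA being enabled.
AAA_LINE_CMDS = ("login authentication", "authorization ", "accounting ")

def parse_blocks(config):
    """Group indented sub-commands under their top-level parent command."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comment separators
        if raw[0] != " ":
            current = raw.strip()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks

def vty_fallback_report(config):
    """Map each 'line vty' block to the legacy login method left without AAA."""
    blocks = parse_blocks(config)
    has_user = any(cmd.startswith("username ") for cmd in blocks)
    report = {}
    for parent, subs in blocks.items():
        if not parent.startswith("line vty"):
            continue
        # Assumption: AAA-dependent sub-commands disappear with the global enabler.
        legacy = [s for s in subs if not s.startswith(AAA_LINE_CMDS)]
        if "no login" in legacy:
            report[parent] = "open: no authentication"
        elif "login local" in legacy:
            report[parent] = "local users" if has_user else "lockout: login local, no username"
        elif any(s.startswith("password ") for s in legacy):
            report[parent] = "line password"
        else:
            report[parent] = "lockout: no legacy login method"
    return report
```

Running `vty_fallback_report` against a saved copy of the configuration before the change shows which vty ranges need a legacy method configured first.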