I have some routers someone turned over that had a previous AAA configuration. This was removed with no aaa-newmodel. When I enabled the new-model and created my own configuration the former stuff seemed to come back and lock me out. I shut down the tacacs server for a moment and got in, but all of their configuration for aaa was back in. Is there a way to remove the aaa config with reseting the router, so I dont get caught like this again?
thx,
You have to remover the lines using the no command. The no aaa new-model does nothing more than act like an on off switch for tacacs. Hope this helps!!
Alf, i know that, but what happens is we have taken over some routers from another company. they had aaa config, which cannot be seen until you turn on aaa new-model. when you turn on aaa new-model their old stuff comes up and locks you our of the router/switch. I guess the best way to beat this is to just configure one at a time and use the method I described before. ie. shutdown the tacacs server.
They must have command authorization enabled in the config. Thats the only way you can be locked out after being logged in also.
Create a blank command authorization set and apply it to a user/group. This should help you.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.