
Re: Removing AAA commands from 3448cl

 
sdewndr
Occasional Contributor

Removing AAA commands from 3448cl

I'm having issues removing configured aaa commands on a production 3448cl. Specifically the commands are:

aaa authentication telnet login tacacs local
aaa authentication telnet enable radius local
aaa authentication ssh login tacacs local
aaa authentication ssh enable tacacs local

Simply placing a "no" in front of them does not work. Also, disabling telnet and ssh on the switch does not help, nor does removing password protection. Any ideas other than resetting the switch?
Jeff Carrell
Honored Contributor

Re: Removing AAA commands from 3448cl

You can't remove these commands; you have to basically reset them back to original or different:

aaa authentication telnet login local
aaa authentication telnet enable local
aaa authentication ssh login local
aaa authentication ssh enable local

would reset them back to original state.


Below are the basics of the overall command 'aaa authentication':

aaa authentication



hth...Jeff

PS, I posted this reply to your question on the HP forum :-)
sdewndr
Occasional Contributor

Re: Removing AAA commands from 3448cl

Thanks, I will try this in just a bit and get back to you.
sdewndr
Occasional Contributor

Re: Removing AAA commands from 3448cl

When I try that, I get "Not legal combination of authentication methods"

(config)# aaa authentication telnet login local
Not legal combination of authentication methods.

(config)# aaa authentication telnet enable local
Not legal combination of authentication methods.

(config)# aaa authentication ssh login local
Not legal combination of authentication methods.

(config)# aaa authentication ssh enable local
Not legal combination of authentication methods.
Jeff Carrell
Honored Contributor

Re: Removing AAA commands from 3448cl

sdewndr said: "When I try that, I get "Not legal combination of authentication methods"

(config)# aaa authentication telnet login local
Not legal combination of authentication methods."

hmmm...well, simply start doing "?" to see what the options are:

'aaa authentication telnet login ?'

These commands have worked for many years on many different ProCurve switches, although it has been maybe 2+ years that I have been on a 3400/5300 (same code base basically)...

It would take me longer to find my 3400-24 and see the options...

hth...Jeff

btw, 'show authentication' shows how these are all set...
sdewndr
Occasional Contributor

Re: Removing AAA commands from 3448cl

3400cl# conf t
3400cl(config)# aaa authentication login
privilege-mode Specify that switch respects the authentication server's
privilege level.
3400cl(config)# aaa authentication login privilege-mode

3400cl(config)# aaa authentication login privilege-mode
Jeff Carrell
Honored Contributor

Re: Removing AAA commands from 3448cl

From my 3500yl:

Core(config)# aaa authentication telnet
enable Configure access to the privileged mode commands.
login Configure login access to the switch.

Core(config)# aaa authentication telnet
enable Configure access to the privileged mode commands.
login Configure login access to the switch.

(config)# aaa authentication telnet login
local Use local switch user/password database.
tacacs Use TACACS+ server.
radius Use RADIUS server.
peap-mschapv2 Use RADIUS server with PEAP-MSChapv2.

try these.
sdewndr
Occasional Contributor

Re: Removing AAA commands from 3448cl

I figured it out. To disable aaa authentication for the enable command you must do:

aaa authentication telnet enable local none
aaa authentication ssh enable local none

This sets it back to its default.
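
An added example, not part of any post in this thread and not HP's code: a small Python helper that parses 'aaa authentication' lines like those in the first post, builds the 'local none' reset form that the last post reports working for enable, and recognises the one-method form the 3400cl rejected. Applying the same form to login entries is an assumption, and all function names are hypothetical.

```python
import re

# Lines copied from the first post in this thread.
SAMPLE_CONFIG = """\
aaa authentication telnet login tacacs local
aaa authentication telnet enable radius local
aaa authentication ssh login tacacs local
aaa authentication ssh enable tacacs local
"""

# aaa authentication <access> <login|enable> <primary> [<secondary>]
AAA_LINE = re.compile(
    r"^\s*aaa authentication (?P<access>\S+) (?P<level>login|enable)"
    r" (?P<primary>\S+)(?: (?P<secondary>\S+))?\s*$"
)


def parse_aaa(config_text):
    """Return one dict per 'aaa authentication <access> <level> ...' line."""
    matches = (AAA_LINE.match(line) for line in config_text.splitlines())
    return [m.groupdict() for m in matches if m]


def reset_plan(config_text):
    """Build (command, note) pairs that return each entry to local-only auth."""
    plan = []
    for e in parse_aaa(config_text):
        if e["primary"] == "local" and e["secondary"] == "none":
            continue  # already in the local-only state
        cmd = f"aaa authentication {e['access']} {e['level']} local none"
        if e["level"] == "enable":
            note = "form reported working in the thread"
        else:
            note = "ASSUMPTION: same form applied to login; confirm with '?'"
        plan.append((cmd, note))
    return plan


def rejected_form(command):
    """True for the one-method form the 3400cl in the thread refused."""
    m = AAA_LINE.match(command)
    return bool(m) and m["secondary"] is None


if __name__ == "__main__":
    for cmd, note in reset_plan(SAMPLE_CONFIG):
        print(f"{cmd:<48} # {note}")
```

Review the printed commands against 'show authentication' on the switch before pasting them into a production session.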