In order to allow login after downgrading, you can configure the failsafe account and ensure that an appropriate connection type is enabled.
# configure failsafe-account
enter failsafe user name: failsafe
enter failsafe password:
enter password again:
# configure failsafe-account permit telnet
# configure failsafe-account permit ssh
# show failsafe-account
User-Specified Failsafe Account Username and Password are in effect
for these connection types:
- Serial Console
- Control Fabric (inter-node)
- Mgmt VR Telnet
- Mgmt VR SSH
- User VR Telnet
- User VR SSH
Once the failsafe account has been configured, you can downgrade to 15.7 or earlier and log into a switch with the failsafe account, bypassing the tacacs/radius authentication. Once you log in, you can reconfigure tacacs/radius shared secrets.
# configure tacacs primary shared-secret "test123"