EasyManuals Logo

Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

Cisco 5510 - ASA SSL / IPsec VPN Edition
1822 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #696 background imageLoading...
Page #696 background image
32-24
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 32 Configuring Management Access
Configuring AAA for System Administrators
Recovering from a Lockout
In some circumstances, when you turn on command authorization or CLI authentication, you can be
locked out of the adaptive security appliance CLI. You can usually recover access by restarting the
adaptive security appliance. However, if you already saved your configuration, you might be locked out.
Table 32-2 lists the common lockout conditions and how you might recover from them.
Current privilege level Level from 0 to 15. Unless you configure local command authorization and
assign commands to intermediate privilege levels, levels 0 and 15 are the only
levels that are used.
Current Mode/s Shows the access modes:
• P_UNPR—User EXEC mode (levels 0 and 1)
• P_PRIV—Privileged EXEC mode (levels 2 to 15)
• P_CONF—Configuration mode
Table 32-1 show curpriv Command Output Description
Field Description
Table 32-2 CLI Authentication and Command Authorization Lockout Scenarios
Feature Lockout Condition Description Workaround: Single Mode Workaround: Multiple Mode
Local CLI
authentication
No users in the
local database
If you have no users in
the local database, you
cannot log in, and you
cannot add any users.
Log in and reset the
passwords and aaa
commands.
Session into the adaptive
security appliance from the
switch. From the system
execution space, you can
change to the context and
add a user.
TACACS+
command
authorization
TACACS+ CLI
authentication
RADIUS CLI
authentication
Server down or
unreachable and
you do not have
the fallback
method
configured
If the server is
unreachable, then you
cannot log in or enter
any commands.
1. Log in and reset the
passwords and AAA
commands.
2. Configure the local
database as a fallback
method so you do not
get locked out when the
server is down.
1. If the server is
unreachable because the
network configuration
is incorrect on the
adaptive security
appliance, session into
the adaptive security
appliance from the
switch. From the system
execution space, you
can change to the
context and reconfigure
your network settings.
2. Configure the local
database as a fallback
method so you do not
get locked out when the
server is down.

Table of Contents

Other manuals for Cisco 5510 - ASA SSL / IPsec VPN Edition

Preview: Cli Configuration Guide
Cli Configuration Guide2164 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 5510 - ASA SSL / IPsec VPN Edition and is the answer not in the manual?

Cisco 5510 - ASA SSL / IPsec VPN Edition Specifications

General IconGeneral
BrandCisco
Model5510 - ASA SSL / IPsec VPN Edition
CategoryFirewall
LanguageEnglish

Related product manuals