12-19
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 12 Configuring AAA
Recovering from a Lockout
Recovering from a Lockout
In some circumstances, when you turn on command authorization or CLI authentication, you can be
locked out of the FWSM CLI. You can usually recover access by restarting the FWSM. However, if you
already saved your configuration, you might be locked out. Table 12-3 lists the common lockout
conditions and how you might recover from them.
Table 12-3 CLI Authentication and Command Authorization Lockout Scenarios
Feature Lockout Condition Description Workaround: Single Mode Workaround: Multiple Mode
Local CLI
authentication
No users in the
local database
If you have no users in
the local database, you
cannot log in, and you
cannot add any users.
Log into the maintenance
partition and reset the
passwords and aaa
commands. See the
“Clearing the Application
Partition Passwords and
AAA Settings” section on
page 17-9.
Session into the FWSM
from the switch. From the
system execution space, you
can change to the context
and add a user.
TACACS+
command
authorization
TACACS+ CLI
authentication
RADIUS CLI
authentication
Server down or
unreachable and
you do not have
the fallback
method
configured
If the server is
unreachable, then you
cannot log in or enter
any commands.
1. Log into the
maintenance partition
and reset the passwords
and AAA commands.
See the “Clearing the
Application Partition
Passwords and AAA
Settings” section on
page 17-9.
2. Configure the local
database as a fallback
method so you do not
get locked out when the
server is down.
1. If the server is
unreachable because the
network configuration
is incorrect on the
FWSM, session into the
FWSM from the switch.
From the system
execution space, you
can change to the
context and reconfigure
your network settings.
2. Configure the local
database as a fallback
method so you do not
get locked out when the
server is down.
To Next Page
Loading...
Need help?
General