40-15
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 40 Managing System Access
Configuring AAA for System Administrators
Table 40-1 describes the show curpriv command output.
Recovering from a Lockout
In some circumstances, when you turn on command authorization or CLI authentication, you can be
locked out of the security appliance CLI. You can usually recover access by restarting the security
appliance. However, if you already saved your configuration, you might be locked out. Table 40-2 lists
the common lockout conditions and how you might recover from them.
Table 40-1 show curpriv Display Description
Field Description
Username Username. If you are logged in as the default user, the name is enable_1 (user
EXEC) or enable_15 (privileged EXEC).
Current privilege level Level from 0 to 15. Unless you configure local command authorization and
assign commands to intermediate privilege levels, levels 0 and 15 are the only
levels that are used.
Current Mode/s Shows the access modes:
• P_UNPR—User EXEC mode (levels 0 and 1)
• P_PRIV—Privileged EXEC mode (levels 2 to 15)
• P_CONF—Configuration mode
Table 40-2 CLI Authentication and Command Authorization Lockout Scenarios
Feature Lockout Condition Description Workaround: Single Mode Workaround: Multiple Mode
Local CLI
authentication
No users in the
local database
If you have no users in
the local database, you
cannot log in, and you
cannot add any users.
Log in and reset the
passwords and aaa
commands.
Session into the security
appliance from the switch.
From the system execution
space, you can change to the
context and add a user.
TACACS+
command
authorization
TACACS+ CLI
authentication
RADIUS CLI
authentication
Server down or
unreachable and
you do not have
the fallback
method
configured
If the server is
unreachable, then you
cannot log in or enter
any commands.
1. Log in and reset the
passwords and AAA
commands.
2. Configure the local
database as a fallback
method so you do not
get locked out when the
server is down.
1. If the server is
unreachable because the
network configuration
is incorrect on the
security appliance,
session into the security
appliance from the
switch. From the system
execution space, you
can change to the
context and reconfigure
your network settings.
2. Configure the local
database as a fallback
method so you do not
get locked out when the
server is down.
To Next Page
Loading...
Need help?
General