AAA for System Administrators
Chapter 23 Configuring Management Access

Table 23-2 CLI Authentication and Command Authorization Lockout Scenarios (continued)

| Feature | Lockout Condition | Description | Workaround: Single Mode | Workaround: Multiple Mode |
|---|---|---|---|---|
| TACACS+ command authorization | You are logged in as a user without enough privileges or as a user that does not exist | You enable command authorization, but then find that the user cannot enter any more commands. | Fix the TACACS+ server user account. If you do not have access to the TACACS+ server and you need to configure the FWSM immediately, then log into the maintenance partition and reset the passwords and aaa commands. | Session in to the FWSM from the switch. From the system execution space, you can change to the context and complete the configuration changes. You can also disable command authorization until you fix the TACACS+ configuration. |
| Local command authorization | You are logged in as a user without enough privileges | You enable command authorization, but then find that the user cannot enter any more commands. | Log in and reset the passwords and aaa commands. | Session in to the FWSM from the switch. From the system execution space, you can change to the context and change the user level. |

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01