Here's a link about AAA and the local username database on a Cisco ASA firewall in multiple context mode. To use a local username account (with privilege 15) for AAA fallback when the remote authentication server, such as TACACS+ or RADIUS, is not reachable, you should use the login command instead of enable. This allows you to jump to a context and issue any show and global config commands.
ciscoasa/pri/act> enable
Username: cisco-admin
Password: ***********
ciscoasa/pri/act# changeto context admin
ciscoasa/pri/act/admin# show run interface Management0/0
Fallback authorization. Username 'enable_15' not in LOCAL database
Command authorization failed
ciscoasa/pri/act/admin# configure terminal
Command authorization failed

ciscoasa/pri/act> login
Username: cisco-admin
Password: ***********
ciscoasa/pri/act# changeto context admin
ciscoasa/pri/act/admin# show run interface Management0/0
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
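
The check below is an added example, not part of the original post or any Cisco tooling: a small Python audit that reads a context's running-config and reports whether LOCAL command authorization fallback can succeed, including the enable_15 case shown in the first session. The sample config is constructed; the server group name TACACS, the host address and the helpdesk user are assumptions.

```python
import re

# Constructed sample: AAA-related lines from one context's running-config.
# The server group name, host address and the helpdesk user are assumptions.
SAMPLE_CONTEXT_CONFIG = """\
aaa-server TACACS protocol tacacs+
aaa-server TACACS (management) host 192.0.2.10
username cisco-admin password ***** privilege 15
username cisco-admin attributes
 service-type admin
username helpdesk password ***** privilege 5
aaa authentication ssh console TACACS LOCAL
aaa authorization command TACACS LOCAL
"""

USER_RE = re.compile(
    r"^username (\S+) (?:password|nopassword)\b.*?(?:privilege (\d+))?$", re.M)
AUTHZ_RE = re.compile(r"^aaa authorization command (.+)$", re.M)
DEFAULT_PRIVILEGE = 2  # ASA default when no "privilege" keyword is given


def audit_local_fallback(config):
    """Report whether command authorization can still succeed from LOCAL."""
    users = {name: int(priv or DEFAULT_PRIVILEGE)
             for name, priv in USER_RE.findall(config)}
    match = AUTHZ_RE.search(config)
    methods = match.group(1).split() if match else []
    report = {
        "local_fallback": "LOCAL" in methods,
        "login_users": sorted(u for u, p in users.items() if p == 15),
        "enable_15_in_local": "enable_15" in users,
        "findings": [],
    }
    if not match:
        return report  # no command authorization, nothing to fall back to
    if not report["local_fallback"]:
        report["findings"].append("no LOCAL fallback for command authorization")
    elif not report["login_users"]:
        report["findings"].append("LOCAL fallback has no privilege 15 user")
    elif not report["enable_15_in_local"]:
        report["findings"].append(
            "after 'enable' the session is enable_15, which is not in LOCAL; "
            "use 'login' as: " + ", ".join(report["login_users"]))
    return report


if __name__ == "__main__":
    for finding in audit_local_fallback(SAMPLE_CONTEXT_CONFIG)["findings"]:
        print(finding)
```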