Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX AAA Enable Local not working

I have lost the ability to ping the inside interface of my failover firewall. When I try to console into the Failover, I cannot get into enable mode. I have the following Commands specified in the config:

aaa authentication serial console TACACS+ LOCAL

aaa authentication enable console TACACS+ LOCAL

I can get in with the userid and password which has a privilege level of 15 however I cannot get into enable mode. It prompts for password but does not accept it. I have specified a new enable password and done a write standby but still doesn't work.

The Pixes are using 6.3(5). There are no authorization commands specified. The authentication works fine on the primary firewall with Tacacs as it can contact the ACS Server on its inside interface. It is just the local enable part on the failover firewall that is not working.


Re: PIX AAA Enable Local not working

To use local enable password, can you configure the following in your active PIX, then sync with standby unit:

aaa authentication enable console LOCAL --> use local enable password

aaa authentication serial console LOCAL --> authenticate console access via local userID

Try to skip TACACS+ first to test the access.



New Member

Re: PIX AAA Enable Local not working

Strange one this, I tried the aaa authen enable cons LOCAL also and it wouldn't let me get into enable. However, when I removed AAA for enable altogether it worked using the local enable password!



Re: PIX AAA Enable Local not working

I just test it by removing the "aaa authentication enable console LOCAL".

On the console, I can't get to enable mode. But you can do this if yo type 'login' where you need to use local user account (mine with priv 15).

Else, after logging in using the above (login) method, change the enable password to a new one. Exit from the priv mode (#), then type enable. Use the new password to get to the enable mode. It should work.

And if I put back the "aaa authentication enable console LOCAL", I can login using my local account again.



CreatePlease to create content