Cisco Support Community
Community Member

PIX backdoor if AAA server fails

Is it possible to have a backway into the PIX should the AAA server fail, i.e. console port access?

Currently we use AAA authentication, authorization and accounting with our TACACS server. PIX configured as follows:

aaa-server TACACS+ protocol tacacs+

aaa-server ACS protocol tacacs+

aaa-server ACS host x.x.x.x xxxx

aaa authentication telnet console ACS

aaa authentication enable console ACS

aaa authorization command ACS

aaa accounting command ACS

To my mind once I access the serial port it will try and do enable authentication using AAA.

Thanks in advance.

1 REPLY
Community Member

Re: PIX backdoor if AAA server fails

There is usually one user configured inside the platform for backway access to the PIX.

I mean, you are recommended to configure a user account in the PIX, I say locally, to grant access to the PIX in case of AAA failure (PIX can contact AAA Server or AAA server down).

In case you cannot connect over the LAN (routing protocols or port failure), you can always access by console with this user.

Regards

Roberto
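
The local-account advice in the reply can be checked mechanically. The script below is an added example, not part of the original thread: it audits the management AAA lines from the question for a `LOCAL` fallback and for a local `username`. It assumes a PIX/ASA software release that accepts `LOCAL` after the server group name; the `backup-admin` account and the second config are constructed for illustration.

```python
import re

# Management AAA lines of the form used in the question, e.g.
#   aaa authentication telnet console ACS [LOCAL]
#   aaa authorization command ACS [LOCAL]
AAA_RE = re.compile(
    r"^aaa\s+(?:authentication\s+(\w+)\s+console|(authorization)\s+command)"
    r"\s+(\S+)(?:\s+(LOCAL))?\s*$")

def audit(config):
    """Return findings for AAA lines that lock you out if the server is down."""
    findings, has_local_user = [], False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("username "):
            has_local_user = True      # a local account exists to fall back to
            continue
        m = AAA_RE.match(line)
        if not m:
            continue                   # aaa-server, accounting, etc. are skipped
        what = m.group(1) or m.group(2)
        server, fallback = m.group(3), m.group(4)
        if server != "LOCAL" and fallback is None:
            findings.append(f"{what}: only {server}, no LOCAL fallback")
    if not has_local_user:
        findings.append("no local username configured")
    return findings

# Config as posted in the question (server address elided on the page).
PAGE_CONFIG = """
aaa-server ACS protocol tacacs+
aaa-server ACS host x.x.x.x xxxx
aaa authentication telnet console ACS
aaa authentication enable console ACS
aaa authorization command ACS
aaa accounting command ACS
"""

# Constructed variant following the reply: local user plus LOCAL fallback,
# and the serial console covered explicitly. Password is a placeholder.
WITH_FALLBACK = """
username backup-admin password <PLACEHOLDER> privilege 15
aaa authentication serial console ACS LOCAL
aaa authentication telnet console ACS LOCAL
aaa authentication enable console ACS LOCAL
aaa authorization command ACS LOCAL
aaa accounting command ACS
"""

if __name__ == "__main__":
    for name, cfg in (("posted", PAGE_CONFIG), ("with fallback", WITH_FALLBACK)):
        print(name, "->", audit(cfg) or "ok")
```

The fallback account is only useful if its password is stored and rotated outside the TACACS+ system it is meant to bypass.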
