Cisco Support Community
New Member

Can't enter enable mode - AAA server is down

Cisco ASA 5520

When I attempt to telnet, I get the username and password prompt, but no authentication since my ACS server is down.

I can console in, but can't enter enable mode...

I get the message AAA server is unreachable.

Is there anything I can do besides a pw recovery?

Accepted Solutions
Cisco Employee

Re: Can't enter enable mode - AAA server is down

Hello,

If you still have lines like 'aaa authentication telnet console TACACS+' in the config then the local username/password won't work. You would need to have the 'LOCAL' keyword at the end of those lines. If that is the case, you'll need to do a password recovery to remove the 'aaa authentication' lines.

Hope that helps.

-Mike

5 REPLIES
Cisco Employee

Re: Can't enter enable mode - AAA server is down

Hi,

Here's the link to perform password recovery:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/trouble.html#wp1049302

Hope this helps!!

Thanks and Regards,

Prapanch

Cisco Employee

Re: Can't enter enable mode - AAA server is down

Hello,

Do you have LOCAL fallback set up for authentication? If so, you can use the credentials configured in the local user database to log in. Otherwise, you'll need to either get your AAA server up and running again or perform a password recovery.

When you get it working again, you should consider configuring a local user account to avoid locking yourself out again in the future. You can do that with these commands:

username <username> password <password> priv 15

aaa authentication telnet console LOCAL

Hope that helps.

-Mike
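
The lockout condition discussed in this thread can be checked for before the AAA server becomes unreachable. The following is an added example, not part of the original posts and not Cisco tooling: a small Python audit over "show running-config" text. The function name, the constructed sample configs and addresses, and the rule that a privilege 15 local user should exist (taken from the advice above) are assumptions of this example.

```python
import re

# aaa authentication {serial|enable|telnet|ssh|http} console <group> [LOCAL]
AAA_RE = re.compile(
    r"^aaa authentication (serial|enable|telnet|ssh|http) console (\S+)(?: (LOCAL))?$")
SERVER_RE = re.compile(r"^aaa-server (\S+) ")
USER_RE = re.compile(r"^username (\S+) .*\bpriv\w* (\d+)\b")

def audit_asa_aaa(config_text):
    """Return (config line, reason) pairs for lockout-prone console AAA lines."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    groups = {m.group(1) for ln in lines if (m := SERVER_RE.match(ln))}
    admins = [m.group(1) for ln in lines
              if (m := USER_RE.match(ln)) and int(m.group(2)) == 15]
    findings = []
    for ln in lines:
        m = AAA_RE.match(ln)
        if not m:
            continue
        _access, group, fallback = m.groups()
        uses_local = group == "LOCAL" or fallback == "LOCAL"
        if group != "LOCAL":
            if group not in groups:
                findings.append((ln, f"server group {group} has no aaa-server entry"))
            if not uses_local:
                findings.append((ln, "no LOCAL fallback when the server is unreachable"))
        if uses_local and not admins:
            findings.append((ln, "LOCAL is used but no privilege 15 username exists"))
    return findings

# Constructed sample: the state described in the thread (server definition
# removed, console lines still pointing at TACACS+ without LOCAL).
LOCKOUT = """\
username admin password CONSTRUCTED-HASH encrypted privilege 15
aaa authentication telnet console TACACS+
aaa authentication enable console TACACS+
"""

# Constructed sample: same device with the server group defined and LOCAL fallback.
SAFE = """\
username admin password CONSTRUCTED-HASH encrypted privilege 15
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host 192.0.2.10
aaa authentication telnet console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
"""

if __name__ == "__main__":
    for name, cfg in (("LOCKOUT", LOCKOUT), ("SAFE", SAFE)):
        print(name, audit_asa_aaa(cfg) or "no findings")
```

Running it against a saved copy of the configuration before removing aaa-server entries shows which console lines would be left pointing at a server group that no longer exists.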

New Member

Re: Can't enter enable mode - AAA server is down

That's what's weird.

I do have a local password and username configured on it.

I was actually removing TACACS on it for a new config.

When I removed the aaa statement and the aaa tacacs server host and key statement,

I was locked out....

What is left are, I believe, the following commands:

aaa authentication telnet console TACACS+

aaa authentication enable console TACACS+

aaa authentication ssh console TACACS+

aaa authentication http console TACACS+

When I enter enable,

it looks for TACACS.

Re: Can't enter enable mode - AAA server is down

If you have removed all the "aaa authentication" lines, then when you telnet to the equipment the password required is the one set with the "password" command, if you have one.

HTH

Dan
