topic FWSM issue , cant run any command in Network Security

FWSM issue , cant run any command

shinda_77 — Tue, 17 Nov 2020 10:44:44 GMT

Hi All,

I had issue that the primary device was dead as the module died. hardware was replaced everything is fine, i manged to configure it. It replicated well. Primary device is active, secondary device is active as it should be.

but now cant login to active context with IP, as crypto key is required to be ran on all the contexts in FWMS, because they have been just replicated from the standby device.

but how I do it ? i cant login to them before adding the crypto key, and from doing "session slot # p 1"

it gives me error "Command authorization failed"
cant ran any command and have to kill the session to exit.

how can I fix this please?
version is bit lower FWSM Firewall Version 4.1(6) <system>

Please assist.
Regards
shinda

Re: FWSM issue , cant run any command

balaji.bandi — Tue, 17 Nov 2020 11:16:08 GMT

Are you able to login to other FWSM Module from console ? or do you have both FWSM Module issue ?

best suggestion is just eject the Module and reseat and test it. - make sure you login and check the one you have access - check the HA availability.

HA requirement, make sure you need to have both same version before join in HA.

Re: FWSM issue , cant run any command

shinda_77 — Wed, 18 Nov 2020 03:01:38 GMT

Thanks BB:

I can login to 6500 by console or however ..all possible
from 6500

i can login to the active module
6500# sess slot 6 p 1
enter credentials and I am in ..
FWMS/act#
on system context i can do anything ..
but when i change to any other contexts i can change
FWMS/Admin/act# sh run
it brings error..
Command authorization failed
that means I need to run crypto key,, but how can I do it ?
I cant ssh to any context directly neither can perform any change when logged in vai module ?

however I can ssh to standby but making changes on standby will not replicate..

Regards

Re: FWSM issue , cant run any command

balaji.bandi — Wed, 18 Nov 2020 20:59:11 GMT

i suggest to pull the new install module and try.

Re: FWSM issue , cant run any command

Marius Gunnerud — Wed, 18 Nov 2020 21:12:32 GMT

You could try logging into the secondary FWSM and send commands to the primary from there (for example remove command authorization configuration) using:

failover exec active show run aaa

find the aaa authorization command, and if it is present, remove it.

failover exec active no aaa authorizaiton command <tacacs+ server>

You should now be able to run commands there.

Another thing you can and should check before doing this is the AAA server you are running command authorization towards. Your user might have "accidentally" had a change of privileges.

Re: FWSM issue , cant run any command

shinda_77 — Thu, 19 Nov 2020 00:36:02 GMT

Hi Marius,

Thanks a lot for your response.

sorry i could not run those commands on standby, neither on system or admin context

#admin/stby# sh failover ?

| Output modifiers
<cr>

#/stby# failover ?

active Make this system to be the active unit of the failover pair
reload-standby Force standby unit to reboot
reset Force an unit or failover group to an unfailed state

Please note that issue is with contexts and not on 'system'