
ASA Console Locked Out

zekebashi
Level 4
Hello, 

 

I've configured aaa & TACACS+ on an ASA properly, where the primary authentication method is ISE and the fallback method is local. I've created enable_15 with priv 15 and another local user account (admin_acct) with priv 15 also. I can ssh using my AD account just fine, and when I tried to console in and use the local account (admin_acct), I was able to log in fine. However, it seems that this local user account (admin_acct) doesn't have the proper authorization to execute any priv commands, and now I am locked out on the console since I cannot issue any commands, nor can I even log out. Is there any command or method by which I can exit out of this console session so I can log back in using a different user account?

 

Any ideas would be appreciated. 

 

Best, ~zK 

2 Replies

There is no way to clear the console session other than a restart. Try to create
a dummy ACL on a switch or router between ISE and the ASA to block TACACS
traffic, then use local login for the console using the login command.

Thanks for your input.

 

I was able to resolve the issue by creating the same local user account on the TACACS+ server (ISE).

 

Thanks, ~zK  
