Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
713
Views
0
Helpful
6
Replies

ASA local AAA database

Go to solution
WStoffel1
Level 1
Level 1

‎06-07-2013 08:29 AM - edited ‎03-11-2019 06:54 PM

I have several users in a local aaa setup.  Logging in works, but i have to enter ENABLE to get into enable mode, and then just reenter my login password.

Using the local database is there a way to log right into Enable mode from the command line?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎06-09-2013 11:57 AM

Unfortunately, this can not be done even with local database, this is by design.

This may provide you more info:

https://supportforums.cisco.com/thread/2201512#3888667

Jatin Katyal
- Do rate helpful posts -

~Jatin

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎06-07-2013 09:49 AM

Hello,

For this you will need to use exec authorization and make sure the user has an Execution privilege and enable privilege of 15 so the ASA sees the user as a Super User and access to enable mode (Priv 15) will be granted,

Julio Carvajal

Hey remember to rate all of the helpful posts, as important as a thanks (keep us motivated)

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
WStoffel1
Level 1
Level 1
In response to Julio Carvajal

‎06-07-2013 10:30 AM

FW# sh run aaa

aaa authentication ssh console LOCAL

aaa authentication enable console LOCAL

aaa local authentication attempts max-fail 5

aaa authorization exec authentication-server

FW# sh run username

username wstoffel password W4Ii8sjkdRzfAci encrypted privilege 15

username wstoffel attributes

service-type admin

Which part am i missing then?  Service type admin isn't even really needed as it's the default.

Thanks a bunch!

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to WStoffel1

‎06-07-2013 12:06 PM

Hello,

Provide

debug aaa authentication

debug aaa authorization

Regards,

Hey remember to rate all of the helpful posts, as important as a thanks (keep us motivated)

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
WStoffel1
Level 1
Level 1
In response to Julio Carvajal

‎06-07-2013 01:48 PM

Logged into the command line and in enable mode i enter those commands.

Then on another console I log in with the same creds, and also with another account, and there's no debug output on that original console screen.

Apparently I'm missing something

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to WStoffel1

‎06-07-2013 02:29 PM

add

terminal monitor

do it again

regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎06-09-2013 11:57 AM

Unfortunately, this can not be done even with local database, this is by design.

This may provide you more info:

https://supportforums.cisco.com/thread/2201512#3888667

Jatin Katyal
- Do rate helpful posts -

~Jatin
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card