
FWSM issue, can't run any command

shinda_77
Level 1

Hi All,

 

I had an issue where the primary device was dead as the module died. The hardware was replaced and everything is fine; I managed to configure it. It replicated well. Primary device is active, secondary device is active as it should be.

But now I can't log in to the active context with IP, as the crypto key is required to be run on all the contexts in FWMS, because they have just been replicated from the standby device.

But how do I do it? I can't log in to them before adding the crypto key, and from doing "session slot # p 1"

it gives me the error "Command authorization failed".
I can't run any command and have to kill the session to exit.

How can I fix this, please?
The version is a bit lower: FWSM Firewall Version 4.1(6) <system>

Please assist. 
Regards
shinda 

5 Replies

balaji.bandi
Hall of Fame

Are you able to log in to the other FWSM module from the console? Or do you have an issue with both FWSM modules?

The best suggestion is to just eject the module, reseat it and test it. Make sure you log in and check the one you have access to, and check the HA availability.

HA requirement: make sure you have both on the same version before joining in HA.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

shinda_77
Level 1

Thanks BB,

I can log in to the 6500 by console or however, all possible.
From the 6500

I can log in to the active module
6500# sess slot 6 p 1
enter credentials and I am in.
FWMS/act# 
On the system context I can do anything,
but when I change to any other contexts, I can change
FWMS/Admin/act# sh run
it brings the error
Command authorization failed
That means I need to run crypto key, but how can I do it?
I can't SSH to any context directly, nor can I perform any change when logged in via the module.

However, I can SSH to standby, but making changes on standby will not replicate.

Regards

You could try logging into the secondary FWSM and send commands to the primary from there (for example remove command authorization configuration) using:

failover exec active show run aaa

find the aaa authorization command, and if it is present, remove it.

failover exec active no aaa authorization command <tacacs+ server>

You should now be able to run commands there.  

 

Another thing you can and should check before doing this is the AAA server you are running command authorization towards.  Your user might have "accidentally" had a change of privileges.

--
Please remember to select a correct answer and rate helpful posts

Hi Marius,

 

Thanks a lot for your response. 

 

Sorry, I could not run those commands on standby, neither on the system nor the admin context.

#admin/stby# sh failover ?

| Output modifiers
<cr>

 

#/stby# failover ?

active Make this system to be the active unit of the failover pair
reload-standby Force standby unit to reboot
reset Force an unit or failover group to an unfailed state

Please note that the issue is with contexts and not on 'system'.

balaji.bandi
Hall of Fame

I suggest you pull the newly installed module and try.

BB
