11-17-2020 02:44 AM
Hi All,
I had an issue where the primary device was dead because the module died. The hardware was replaced and everything is fine; I managed to configure it. It replicated well. Primary device is active, secondary device is active as it should be.
But now I can't log in to the active context by IP, as the crypto key needs to be run on all the contexts in FWMS, because they have just been replicated from the standby device.
But how do I do it? I can't log in to them before adding the crypto key, and when doing "session slot # p 1"
it gives me the error "Command authorization failed".
I can't run any command and have to kill the session to exit.
How can I fix this, please?
The version is a bit lower: FWSM Firewall Version 4.1(6) <system>
Please assist.
Regards
shinda
11-17-2020 03:16 AM
Are you able to log in to the other FWSM module from the console? Or do you have the issue on both FWSM modules?
The best suggestion is to just eject the module, reseat it and test it. Make sure you log in and check the one you have access to, and check the HA availability.
HA requirement: make sure both have the same version before joining HA.
11-17-2020 07:01 PM
Thanks BB,
I can log in to the 6500 by console or however, all possible.
From the 6500
I can log in to the active module
6500# sess slot 6 p 1
I enter credentials and I am in:
FWMS/act#
On the system context I can do anything,
but when I change to any other contexts I can change
FWMS/Admin/act# sh run
it brings the error:
Command authorization failed
That means I need to run the crypto key, but how can I do it?
I can't SSH to any context directly, nor can I perform any change when logged in via the module.
However, I can SSH to the standby, but making changes on the standby will not replicate.
Regards
11-18-2020 01:12 PM
You could try logging into the secondary FWSM and send commands to the primary from there (for example remove command authorization configuration) using:
failover exec active show run aaa
Find the aaa authorization command, and if it is present, remove it.
failover exec active no aaa authorization command <tacacs+ server>
You should now be able to run commands there.
Another thing you can and should check before doing this is the AAA server you are running command authorization towards. Your user might have "accidentally" had a change of privileges.
11-18-2020 04:36 PM
Hi Marius,
Thanks a lot for your response.
Sorry, I could not run those commands on the standby, neither in the system nor the admin context.
#admin/stby# sh failover ?
| Output modifiers
<cr>
#/stby# failover ?
active Make this system to be the active unit of the failover pair
reload-standby Force standby unit to reboot
reset Force an unit or failover group to an unfailed state
Please note that the issue is with the contexts and not with 'system'.
11-18-2020 12:59 PM
I suggest pulling the newly installed module and trying.