Cisco ASA 5505 Configuration Manual page 697

Chapter 32 Configuring Management Access
Table 32-2 CLI Authentication and Command Authorization Lockout Scenarios (continued)
Feature Lockout Condition Description
TACACS+ You are logged in
command as a user without
authorization enough privileges
or as a user that
does not exist
Local command You are logged in
authorization as a user without
enough privileges
OL-20339-01
Workaround: Single Mode
You enable command Fix the TACACS+ server
authorization, but then user account.
find that the user
If you do not have access to
cannot enter any more
the TACACS+ server and
commands.
you need to configure the
adaptive security appliance
immediately, then log into
the maintenance partition
and reset the passwords and
aaa commands.
You enable command Log in and reset the
authorization, but then passwords and aaa
find that the user commands.
cannot enter any more
commands.
Configuring AAA for System Administrators
Cisco ASA 5500 Series Configuration Guide using ASDM
Workaround: Multiple Mode
Session into the adaptive
security appliance from the
switch. From the system
execution space, you can
change to the context and
complete the configuration
changes. You can also
disable command
authorization until you fix
the TACACS+
configuration.
Session into the adaptive
security appliance from the
switch. From the system
execution space, you can
change to the context and
change the user level.
32-25