Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 10 Configuring Security Contexts
log in with a username, enter the login command. For example, you log in to the admin context with the
username “admin.” The admin context does not have any command authorization configuration, but all
other contexts include command authorization. For convenience, each context configuration includes a
user “admin” with maximum privileges. When you change from the admin context to context A, your
username is altered, so you must log in again as “admin” by entering the login command. When you
change to context B, you must again enter the login command to log in as “admin.”
The system execution space does not support any AAA commands, but you can configure its own enable
password, as well as usernames in the local database to provide individual logins.
Context Administrator Access
You can access a context using Telnet, SSH, or ASDM. If you log in to a non-admin context, you can
only access the configuration for that context. You can provide individual logins to the context. See
“Configuring Authentication for Network Access,” page 23-1, to enable Telnet, SSH, and ASDM access and
to configure management authentication.
Enabling or Disabling Multiple Context Mode
Your security appliance might already be configured for multiple security contexts depending on how
you ordered it from Cisco. If you are upgrading, however, you might need to convert from single mode
to multiple mode by following the procedures in this section.
ASDM supports changing modes from single to multiple mode if you use the High Availability and
Scalability Wizard and you enable Active/Active failover. See the “Accessing and Using the High
Availability and Scalability Wizard” section on page 15-4 for more information.
If you do not want to use Active/Active failover or want to change back to single mode, you must change
modes at the CLI. This section describes changing modes at the CLI, and includes the following topics:
Backing Up the Single Mode Configuration, page 10-9
Enabling Multiple Context Mode, page 10-9
Restoring Single Context Mode, page 10-10
Backing Up the Single Mode Configuration
When you convert from single mode to multiple mode, the security appliance converts the running
configuration into two files. The original startup configuration is not saved, so if it differs from the
running configuration, you should back it up before proceeding.
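The following is an added example, not part of the Cisco guide: a Python check that decides whether the startup configuration differs from the running configuration and therefore needs a backup before conversion. It assumes both configurations have already been captured as text; the function names, the sample captures, and the list of volatile line prefixes are assumptions made for illustration.

```python
import difflib

# Lines around a captured configuration that can change between captures
# without any configuration change (assumed prefixes, adjust to your output).
VOLATILE_PREFIXES = (": Saved", ": Written by", "Cryptochecksum:", ": end")


def normalize(config_text):
    """Return the configuration lines that matter for comparison."""
    kept = []
    for line in config_text.splitlines():
        line = line.rstrip()  # keep leading indentation, it is significant
        if not line or line == ":" or line.startswith(VOLATILE_PREFIXES):
            continue
        kept.append(line)
    return kept


def startup_drift(startup_text, running_text):
    """Unified diff of startup vs running; an empty list means no drift."""
    return list(difflib.unified_diff(
        normalize(startup_text), normalize(running_text),
        fromfile="startup-config", tofile="running-config",
        lineterm="", n=0))


def needs_backup(startup_text, running_text):
    """True when the startup config holds content the conversion would lose."""
    return bool(startup_drift(startup_text, running_text))


# Constructed sample captures (not from a real device).
SAMPLE_STARTUP = """\
: Saved
: Written by enable_15 at 09:14:02.101 UTC Mon Jan 5 2009
hostname fw-lab
interface Ethernet0/0
 nameif outside
 security-level 0
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
Cryptochecksum:00000000000000000000000000000000
: end
"""
SAMPLE_RUNNING = SAMPLE_STARTUP.replace("eq 443", "eq 80")

if __name__ == "__main__":
    for diff_line in startup_drift(SAMPLE_STARTUP, SAMPLE_RUNNING):
        print(diff_line)
    print("back up startup-config first:",
          needs_backup(SAMPLE_STARTUP, SAMPLE_RUNNING))
```

An empty diff means the two configurations match apart from capture metadata; any other result lists the startup lines that exist only in the unsaved original.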
Enabling Multiple Context Mode
The context mode (single or multiple) is not stored in the configuration file, even though it does endure
reboots. If you need to copy your configuration to another device, set the mode on the new device to
match using the mode command.
When you convert from single mode to multiple mode, the security appliance converts the running
configuration into two files: a new startup configuration that comprises the system configuration, and
admin.cfg that comprises the admin context (in the root directory of the internal Flash memory). The