This document describes how to use the enablediag user to connect and administer a Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), or Cisco Security Management Appliance (SMA).

Enable service account on the ESA/WSA/SMA

The ESA, WSA, and SMA have a service account named enablediag. This account is usually accessed from the appliance's serial console, but can also be accessed via standard SSH access to the appliance. This account can be used in the event that an appliance is not accessible remotely. Access to the appliance via enablediag is usually done in conjunction with Cisco Support and an open support case.

To use the account, enter enablediag as the login at the console login prompt and use the appliance's admin password.

The enablediag user has several options that may also be used to resolve issues, including the ability to enable service access or re-configure the management interface. Below is an example of what is displayed when logging in with enablediag:

login: enablediag 
Last login: Tue Jul 28 13:59:23 2015 from
AsyncOS 9.7.0 for Cisco C100V build 041

Welcome to the Cisco C100V Email Security Virtual Appliance

Available Commands:
help -- View this text.
quit -- Log out.
service -- Enable or disable access to the service system.
network -- Perform emergency configuration of the diagnostic network interface.
clearnet -- Resets configuration of the diagnostic network interface.
ssh -- Configure emergency SSH daemon on the diagnostic network interface.
clearssh -- Stop emergency SSH daemon on the diagnostic network interface.
tunnel -- Start up tech support tunnel to IronPort.
print -- Print status of the diagnostic network interface.
reboot -- Reboot the appliance.

S/N 564D4A052936E4280000-BA98DA08AAAA
Service Access currently ENABLED (0 current service logins)

Note: If you are opening a support tunnel to the appliance via this method, please be sure to provide your Cisco Support Engineer with the full serial number presented in the login banner.
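The login banner shown above carries the serial number and the service access state, so a captured console session can be reviewed automatically. The following is an added example, not Cisco code: the function names are hypothetical, the sample is constructed from the banner above, and any state other than ENABLED is parsed generically because the page shows only that one.

```python
import re

# Constructed sample: selected banner lines from the example session above.
SAMPLE_BANNER = """\
login: enablediag
AsyncOS 9.7.0 for Cisco C100V build 041

S/N 564D4A052936E4280000-BA98DA08AAAA
Service Access currently ENABLED (0 current service logins)
"""

_VERSION = re.compile(r"^AsyncOS\s+(\S+)\s+for\s+Cisco\s+(\S+)\s+build\s+(\S+)", re.M)
_SERIAL = re.compile(r"^S/N\s+(\S+)", re.M)
_SERVICE = re.compile(
    r"^Service Access currently\s+(\w+)(?:\s+\((\d+) current service logins?\))?", re.M)

def parse_banner(text):
    """Extract version, model, serial and service-access state from a banner."""
    text = text.replace("\r\n", "\n")  # serial console captures often use CRLF
    info = {"version": None, "model": None, "build": None,
            "serial": None, "service_access": None, "service_logins": None}
    m = _VERSION.search(text)
    if m:
        info["version"], info["model"], info["build"] = m.groups()
    m = _SERIAL.search(text)
    if m:
        info["serial"] = m.group(1)
    m = _SERVICE.search(text)
    if m:
        info["service_access"] = m.group(1).upper()
        info["service_logins"] = int(m.group(2)) if m.group(2) else None
    return info

def review_findings(info):
    """Return the items an administrator should review for this appliance."""
    findings = []
    if info["service_access"] is None:
        findings.append("service access state not found in banner")
    elif info["service_access"] == "ENABLED":
        findings.append("service access is enabled; confirm a support case is open")
    if info["service_logins"]:
        findings.append(f"{info['service_logins']} active service login(s)")
    # Assumption: a full serial contains a hyphen, as in the sample above.
    if info["serial"] and "-" not in info["serial"]:
        findings.append("serial looks truncated; support needs the full value")
    return findings

print(review_findings(parse_banner(SAMPLE_BANNER)))
```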

