This document describes how to use the enablediag service account to access a Secure Email Gateway (SEG), Secure Web Appliance, or Web Manager.
The SEG, SWA, and Secure Email and Web Manager have a service account named enablediag. This account is usually accessed on the appliance using the serial console, but it can also be accessed through standard SSH access to the appliance. Use this account when an appliance is not accessible remotely. Accessing the appliance via enablediag is usually done in conjunction with Cisco Support and an open support case.
To use the account, enter enablediag at the console log in prompt and use the admin password of the appliance.
The enablediag user has several options that can also be used to resolve issues, including the ability to enable service access or reconfigure the management interface.
This example shows what is displayed when logging in with enablediag:
login: enablediag
Password:
Last login: Wed Jul 01 13:59:23 2026 from 192.0.2.43
AsyncOS 16.0.0 for Cisco C100V build 050
Welcome to the Cisco Secure Email Gateway
Available Commands:
help -- View this text.
quit -- Log out.
service -- Enable or disable access to the service system.
network -- Perform emergency configuration of the diagnostic network interface.
clearnet -- Resets configuration of the diagnostic network interface.
ssh -- Configure emergency SSH daemon on the diagnostic network interface.
clearssh -- Stop emergency SSH daemon on the diagnostic network interface.
tunnel -- Start up tech support tunnel to Cisco.
print -- Print status of the diagnostic network interface.
reboot -- Reboot the appliance.
S/N <serial-number>
Service Access currently ENABLED (0 current service logins)
Note: If you are opening a support tunnel to the appliance via this method, be sure to provide the full serial number presented in the console to your Cisco Support engineer
| Revision | Publish Date | Comments |
|---|---|---|
2.0 |
01-Jul-2026
|
Updated Tech Content and Formatting. |
1.0 |
18-Oct-2017
|
Initial Release |