Configuring the Local Database; Identifying a AAA Server - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services

Configuring the Local Database

This section describes how to manage users in the local database. You can use the local database for
CLI access authentication, privileged mode authentication, command authorization, or for VPN client
authentication for management access. You cannot use the local database for network access
authentication or authorization. For multiple context mode, you can configure usernames in the system
execution space to provide individual logins using the login command; however, you cannot configure
any aaa commands in the system execution space.
Caution: If you add users to the local database who can gain access to the CLI and whom you do not want
to enter privileged mode, you should enable command authorization. (See the "Configuring Local Command
Authorization" section on page 12-10.) Without command authorization, users can access privileged
mode (and all commands) at the CLI using their own password if their privilege level is 2 or greater (2 is
the default). Alternatively, you can use RADIUS or TACACS+ authentication so the user will not be able
to use the login command, or you can set all local users to level 1 so you can control who can use the
system enable password to access privileged mode.
To define a user account in the local database, enter the following command:
FWSM/contexta(config)# username username {nopassword | password password} [privilege level]
Define the following parameters:
username—A string from 4 to 15 characters long.
password—A string from 3 to 16 characters long.
privilege level—The privilege level that you want to assign to the new user account (from 0 to 15).
The default is 2. This privilege level is used with command authorization.
nopassword—Creates a user account with no password.
For example, the following command assigns a privilege level of 15 to the admin user account:
FWSM/contexta(config)# username admin password passw0rd privilege 15
The following command creates a user account with no password:
FWSM/contexta(config)# username john.doe nopassword

Identifying a AAA Server

If you want to use an external AAA server (RADIUS or TACACS+) for authentication, authorization, or
accounting, you must first add one or more servers to a server group on the FWSM. You identify this
server group name when you add AAA rules. Each server group consists of only one type of server,
RADIUS or TACACS+. For multiple context mode, you can configure up to 4 servers in a maximum of
4 groups. In single mode, you can configure 16 servers in a maximum of 14 server groups.

Source: Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide,
OL-6392-01, Chapter 12, Configuring AAA, page 12-6.
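The following Python check is an added example, not part of the Cisco guide. It applies the caution in "Configuring the Local Database" to a saved configuration, flagging local users with no password and users whose privilege level (2 when omitted) reaches privileged mode while command authorization is off. The sample configuration is constructed, and the `aaa authorization command` line and the `encrypted` keyword are assumptions about how a saved configuration looks; neither appears on this page.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
username admin password passw0rd privilege 15
username john.doe nopassword
username opsuser password s3cretpw privilege 1
"""

DEFAULT_PRIVILEGE = 2  # the guide states that 2 is the default level

# Matches: username NAME {nopassword | password PW} [privilege LEVEL]
# The optional "encrypted" keyword is an assumption about saved configs.
USER_RE = re.compile(
    r"^username\s+(?P<name>\S+)\s+"
    r"(?:(?P<nopw>nopassword)|password\s+\S+(?:\s+encrypted)?)"
    r"(?:\s+privilege\s+(?P<level>\d+))?\s*$"
)

def command_authorization_enabled(lines):
    # Assumption: an "aaa authorization command ..." line means command
    # authorization is configured; the page does not show this command.
    return any(line.startswith("aaa authorization command") for line in lines)

def audit_local_users(config_text):
    """Return sorted (username, finding) pairs for risky local accounts."""
    lines = [line.strip() for line in config_text.splitlines()]
    authz = command_authorization_enabled(lines)
    findings = []
    for line in lines:
        match = USER_RE.match(line)
        if not match:
            continue
        name = match["name"]
        level = int(match["level"]) if match["level"] else DEFAULT_PRIVILEGE
        if match["nopw"]:
            findings.append((name, "NO_PASSWORD"))
        if level > 15:
            findings.append((name, "INVALID_PRIVILEGE"))
        elif level >= 2 and not authz:
            # Per the caution: level 2+ can reach privileged mode with the
            # user's own password unless command authorization is enabled.
            findings.append((name, "PRIVILEGED_MODE_WITHOUT_COMMAND_AUTHZ"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit_local_users(SAMPLE_CONFIG):
        print(f"{user}: {finding}")
```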
