Cisco PIX 500 Series Configuration Manual page 210

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03
Chapter 13: Configuring AAA Servers and the Local Database, page 13-8

Configuring the Local Database

where the username keyword is a string from 4 to 64 characters long.

The password password argument is a string from 3 to 16 characters long.

The mschap keyword specifies that the password is converted to Unicode and hashed using MD4 after you enter it. Use this keyword if users are authenticated using MSCHAPv1 or MSCHAPv2.

The privilege level argument sets the privilege level from 0 to 15. The default is 2. This privilege level is used with command authorization.

Caution: If you do not use command authorization (the aaa authorization command LOCAL command), then the default level 2 allows management access to privileged EXEC mode. If you want to limit access to privileged EXEC mode, either set the privilege level to 0 or 1, or use the service-type command (see Step 4).

The nopassword keyword creates a user account with no password.

Note: The encrypted and nt-encrypted keywords are typically for display only. When you define a password in the username command, the security appliance encrypts it when it saves it to the configuration for security purposes. When you enter the show running-config command, the username command does not show the actual password; it shows the encrypted password followed by the encrypted or nt-encrypted keyword (when you specify mschap). For example, if you enter the password "test," the show running-config display would appear to be something like the following:

username pat password DLaUiAX3l78qgoB5c7iVNw== nt-encrypted

The only time you would actually enter the encrypted or nt-encrypted keyword at the CLI is if you are cutting and pasting a configuration to another security appliance and you are using the same password.

Step 2 (Optional) To enforce user-specific access levels for users who authenticate for management access (see the aaa authentication console LOCAL command), enter the following command:

hostname(config)# aaa authorization exec authentication-server

This command enables management authorization for local users and for any users authenticated by RADIUS, LDAP, and TACACS+. See the "Limiting User CLI and ASDM Access with Management Authorization" section on page 40-7 for information about configuring a user on an AAA server to accommodate management authorization.

For a local user, configure the level of access using the service-type command as described in Step 4.

Step 3 (Optional) To configure username attributes, enter the following command:

hostname(config)# username username attributes

where the username argument is the username you created in Step 1.

Step 4 (Optional) If you configured management authorization in Step 2, enter the following command to configure the user level:

hostname(config-username)# service-type {admin | nas-prompt | remote-access}

where the admin keyword allows full access to any services specified by the aaa authentication console LOCAL commands. admin is the default.
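The Caution above and the Step 2 / Step 4 dependency are easy to get wrong in a real configuration: a username line with no privilege keyword silently lands at level 2, and a service-type line does nothing until aaa authorization exec authentication-server is present. The following Python script is an added example, not part of the Cisco guide and not Cisco code. It audits a running-config excerpt for exactly those conditions plus nopassword accounts. It assumes the username, attributes and aaa authorization syntax shown on this page, treats any service-type other than admin as restricting access (the guide describes nas-prompt and remote-access beyond this page, so that reading is an assumption here), and runs over constructed sample configurations whose hash strings are made up.

```python
import re
from dataclasses import dataclass, field

DEFAULT_PRIVILEGE = 2  # default stated in the manual

USERNAME_RE = re.compile(
    r"^username\s+(?P<name>\S+)\s+"
    r"(?:(?P<nopassword>nopassword)|password\s+\S+(?:\s+(?:encrypted|nt-encrypted))?)"
    r"(?:\s+privilege\s+(?P<priv>\d+))?\s*$"
)
ATTR_RE = re.compile(r"^username\s+(?P<name>\S+)\s+attributes\s*$")
SERVICE_TYPE_RE = re.compile(r"^\s+service-type\s+(?P<stype>admin|nas-prompt|remote-access)\s*$")
COMMAND_AUTHZ_RE = re.compile(r"^aaa\s+authorization\s+command\s+LOCAL\s*$")
EXEC_AUTHZ_RE = re.compile(r"^aaa\s+authorization\s+exec\s+authentication-server\s*$")

@dataclass
class LocalUser:
    name: str
    privilege: int = DEFAULT_PRIVILEGE
    privilege_explicit: bool = False
    nopassword: bool = False
    service_type: str = "admin"  # manual: admin is the default

@dataclass
class ConfigAudit:
    users: dict = field(default_factory=dict)
    command_authz_local: bool = False  # `aaa authorization command LOCAL` present
    exec_authz: bool = False  # `aaa authorization exec authentication-server` present

def parse_config(text):
    """Collect the username, attributes and aaa authorization lines the checks need."""
    audit = ConfigAudit()
    attr_user = None  # user whose `username ... attributes` sub-mode we are inside
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line[0].isspace():  # sub-mode command; only service-type matters here
            m = SERVICE_TYPE_RE.match(line)
            if m and attr_user is not None:
                attr_user.service_type = m["stype"]
            continue
        attr_user = None  # any top-level command ends the attributes sub-mode
        if m := ATTR_RE.match(line):
            attr_user = audit.users.setdefault(m["name"], LocalUser(m["name"]))
        elif m := USERNAME_RE.match(line):
            user = audit.users.setdefault(m["name"], LocalUser(m["name"]))
            user.nopassword = m["nopassword"] is not None
            if m["priv"] is not None:
                user.privilege, user.privilege_explicit = int(m["priv"]), True
        elif COMMAND_AUTHZ_RE.match(line):
            audit.command_authz_local = True
        elif EXEC_AUTHZ_RE.match(line):
            audit.exec_authz = True
    return audit

def find_issues(audit):
    """Return (username, message) pairs sorted by username."""
    issues = []
    for user in sorted(audit.users.values(), key=lambda u: u.name):
        if user.nopassword:
            issues.append((user.name, "account has no password (nopassword)"))
        # Assumption: a service-type other than admin restricts access, and only once
        # management authorization (Step 2) is enabled.
        restricted = user.service_type != "admin"
        if restricted and not audit.exec_authz:
            issues.append((user.name, f"service-type {user.service_type} has no effect without "
                           "'aaa authorization exec authentication-server'"))
        if (user.privilege >= DEFAULT_PRIVILEGE and not audit.command_authz_local
                and not (restricted and audit.exec_authz)):
            how = "explicit" if user.privilege_explicit else "default"
            issues.append((user.name, f"{how} privilege {user.privilege} reaches privileged EXEC: "
                           "no 'aaa authorization command LOCAL' and no effective non-admin service-type"))
    return issues

# Constructed sample excerpts; the hash strings are made up, not real credentials.
WEAK_CONFIG = """\
username pat password DLaUiAX3l78qgoB5c7iVNw== nt-encrypted
username bob password 8Ry2YjIyt7RRXU24 encrypted privilege 15
username guest nopassword
username ops password 2KFQnbNIdI.2KYOU encrypted privilege 1
username helpdesk password kGYYhDBA4zZwbvW1 encrypted
username helpdesk attributes
 service-type nas-prompt
aaa authentication ssh console LOCAL
"""
# Same users with the manual's mitigations: pat at privilege 1, no passwordless account,
# and both authorization commands so the service-type and the privilege 15 are deliberate.
HARDENED_CONFIG = WEAK_CONFIG.replace(" nt-encrypted\n", " nt-encrypted privilege 1\n").replace(
    "username guest nopassword\n", "") + "aaa authorization exec authentication-server\naaa authorization command LOCAL\n"

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label} ==")
        for name, msg in find_issues(parse_config(cfg)) or [("-", "no findings")]:
            print(f"{name}: {msg}")
```

On the weak excerpt the script flags pat (default level 2 with no command authorization), bob (explicit level 15 without command authorization), guest (no password) and helpdesk (a nas-prompt service-type that is not enforced because Step 2 was never done); ops at privilege 1 is left alone. The hardened variant produces no findings because both authorization commands are present, so the remaining level 15 and the service-type are deliberate choices rather than defaults.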