Cisco ASA 5505 Configuration Manual page 684


Chapter 32 Configuring Management Access
Configuring AAA for System Administrators
Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, page 32-12

- Serial—Authenticates users who access the adaptive security appliance using the console port.
- SSH—Authenticates users who access the adaptive security appliance using SSH.
- Telnet—Authenticates users who access the adaptive security appliance using Telnet.

b. For each service that you checked, from the Server Group drop-down list, choose a server group name or the LOCAL database.

c. (Optional) If you chose a AAA server, you can configure the adaptive security appliance to use the local database as a fallback method if the AAA server is unavailable. Click the Use LOCAL when server group fails check box. We recommend that you use the same username and password in the local database as the AAA server because the adaptive security appliance prompt does not give any indication which method is being used.

Step 3 Click Apply.

Limiting User CLI and ASDM Access with Management Authorization

If you configure CLI or enable authentication, you can limit a local user, RADIUS, TACACS+, or LDAP user (if you map LDAP attributes to RADIUS attributes) from accessing the CLI, ASDM, or the enable command.

Note: Serial access is not included in management authorization, so if you enable the Authentication > Serial option, then any user who authenticates can access the console port.

Detailed Steps

To configure management authorization, perform the following steps:

Step 1 To enable management authorization, go to Configuration > Device Management > Users/AAA > AAA Access > Authorization, and check the Perform authorization for exec shell access > Enable check box.

This option also enables support of administrative user privilege levels from RADIUS, which can be used in conjunction with local command privilege levels for command authorization. See the "Configuring Local Command Authorization" section on page 32-15 for more information.

Step 2 To configure the user for management authorization, see the following requirements for each AAA server type or local user:

- RADIUS or LDAP (mapped) users—Configure the Service-Type attribute for one of the following values.
- RADIUS or LDAP (mapped) users—Use the IETF RADIUS numeric Service-Type attribute which maps to one of the following values.
  - Service-Type 6 (Administrative)—Allows full access to any services specified by the Authentication tab options
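
An added example, not part of the Cisco guide: a short Python audit that reads the CLI form of these ASDM settings from a running-config and reports the conditions this page calls out (management authorization off, serial authentication, LOCAL fallback). It assumes that `aaa authentication ... console` and `aaa authorization exec` are the CLI equivalents of the Authentication and Authorization tabs; the sample config and the ADMIN_RADIUS group name are constructed.

```python
import re

# Constructed sample running-config excerpt; ADMIN_RADIUS is a made-up group name.
SAMPLE_CONFIG = """\
aaa-server ADMIN_RADIUS protocol radius
aaa authentication ssh console ADMIN_RADIUS LOCAL
aaa authentication telnet console LOCAL
aaa authentication serial console ADMIN_RADIUS
aaa authentication http console ADMIN_RADIUS LOCAL
"""

# Assumed CLI equivalents of the ASDM Authentication and Authorization tabs.
AUTH_RE = re.compile(
    r"^aaa authentication (serial|ssh|telnet|http|enable) console (\S+)( LOCAL)?\s*$")
AUTHZ_RE = re.compile(r"^aaa authorization exec (authentication-server|LOCAL)\b")


def audit_management_aaa(config_text):
    """Return (services, findings) for the management AAA lines of a config."""
    services, authz = {}, False
    for line in config_text.splitlines():
        line = line.strip()
        m = AUTH_RE.match(line)
        if m:
            services[m.group(1)] = {"group": m.group(2), "fallback": bool(m.group(3))}
        elif AUTHZ_RE.match(line):
            authz = True
    findings = []
    if services and not authz:
        findings.append("management authorization is off: authenticated users "
                        "are not limited by Service-Type")
    if "serial" in services:
        findings.append("serial: console port is not covered by management "
                        "authorization, any user who authenticates gets access")
    for svc, cfg in sorted(services.items()):
        if cfg["group"] == "LOCAL":
            continue  # local database only, no server group involved
        if cfg["fallback"]:
            findings.append(f"{svc}: LOCAL fallback set, keep local credentials in "
                            "step with the server (prompt does not show the method)")
        else:
            findings.append(f"{svc}: no LOCAL fallback if group {cfg['group']} fails")
    return services, findings


if __name__ == "__main__":
    for finding in audit_management_aaa(SAMPLE_CONFIG)[1]:
        print("-", finding)
```
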

This manual is also suitable for:

ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
