User And Role Management - Cisco Firepower 4110 Preparative Procedures & Operational User Manual

Firepower 4100 Series; Firepower 9000 Series

Cisco Preparative Procedures & Operational User Guide

4.5.3 User and Role Management

User accounts are used to access the system. Up to 48 local user accounts can be configured. Each user
account must have a unique username and password.
Admin Account
The admin account is a default user account and cannot be modified or deleted. This account is the system
administrator or superuser account and has full privileges. There is no default password assigned to the
admin account; you must choose the password during the initial system setup.
The admin account is always active and does not expire. You cannot configure the admin account as
inactive.
Locally Authenticated User Accounts
A locally authenticated user account is authenticated directly through the chassis and can be enabled or
disabled by anyone with admin or AAA privileges. Once a local user account is disabled, the user cannot
log in. Configuration details for disabled local user accounts are not deleted by the database. If you
re-enable a disabled local user account, the account becomes active again with the existing configuration,
including username and password.
Remotely Authenticated User Accounts
A remotely authenticated user account is any user account that is authenticated through LDAP, RADIUS,
or TACACS+.
If a user maintains a local user account and a remote user account simultaneously, the roles defined in the
local user account override those maintained in the remote user account.
User Roles
The system contains the following user roles:
- Administrator: Complete read-and-write access to the entire system. The default admin account is
  assigned this role by default and it cannot be changed.
- Read-Only: Read-only access to system configuration with no privileges to modify the system state.
- Operations: Read-and-write access to NTP configuration, Smart Call Home configuration for Smart
  Licensing, and system logs, including syslog servers and faults. Read access to the rest of the
  system.
- AAA Administrator: Read-and-write access to users, roles, and AAA configuration. Read access to the
  rest of the system.
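
The override rule and role definitions above can be checked against an account inventory. The following Python audit is an added example, not part of the Cisco guide: the inventory dictionaries, area labels and finding names are hypothetical, and it assumes a disabled local account does not override remote roles. It flags local accounts whose roles grant more write access than the same user's remote roles, and disabled local accounts that would regain write access when re-enabled.

```python
# Added example; inventory layout, area labels and finding names are hypothetical.
# Writable areas per role, from the User Roles list ("*" = entire system).
ROLE_WRITE_SCOPE = {
    "Administrator": {"*"},
    "Read-Only": set(),
    "Operations": {"ntp", "smart-call-home", "system-logs"},
    "AAA Administrator": {"users", "roles", "aaa"},
}

def write_scope(roles):
    """Union of the writable areas granted by a collection of role names."""
    return set().union(*(ROLE_WRITE_SCOPE[r] for r in roles))

def exceeds(scope, baseline):
    """True if scope permits writes that baseline does not."""
    return "*" not in baseline and ("*" in scope or not scope <= baseline)

def effective_roles(user, local, remote):
    """Local roles override remote ones when the user has both accounts.
    Assumption: a disabled local account does not override remote roles."""
    acct = local.get(user)
    if acct and acct["enabled"]:
        return set(acct["roles"])
    return set(remote.get(user, ()))

def audit(local, remote):
    """Return (user, finding) pairs worth reviewing."""
    findings = []
    for user, acct in sorted(local.items()):
        if user == "admin":
            continue  # built-in account: always active, always Administrator
        scope = write_scope(acct["roles"])
        if not acct["enabled"]:
            if scope:  # configuration survives disabling and returns on re-enable
                findings.append((user, "latent-write-access"))
        elif user in remote and exceeds(scope, write_scope(remote[user])):
            findings.append((user, "local-override-exceeds-remote"))
    return findings

# Constructed sample inventory (not real data).
LOCAL = {
    "admin": {"enabled": True, "roles": ["Administrator"]},
    "jsmith": {"enabled": True, "roles": ["Administrator"]},
    "ops1": {"enabled": True, "roles": ["Operations"]},
    "oldaaa": {"enabled": False, "roles": ["AAA Administrator"]},
}
REMOTE = {"jsmith": ["Read-Only"], "ops1": ["Operations", "Read-Only"], "oldaaa": ["Read-Only"]}

if __name__ == "__main__":
    print(audit(LOCAL, REMOTE))
```
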
Selecting the Default Authentication Service via CLI
1) Enter security mode:
Firepower-chassis # scope security
© 2016 Cisco Systems, Inc. All rights reserved.


This manual is also suitable for:

Firepower 4140, Firepower 4120, Firepower 9300
