Configuring TACACS+ Command Authorization - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Configuring AAA for System Administrators
hostname(config)# privilege cmd level 15 mode enable command configure
Note: This last line is for the configure terminal command.
Viewing Command Privilege Levels
The following commands let you view privilege levels for commands.
For example, for the show running-config all privilege all command, the system displays the current
assignment of each CLI command to a privilege level. The following is sample output from the
command.
hostname(config)# show running-config all privilege all
privilege show level 15 command aaa
privilege clear level 15 command aaa
privilege configure level 15 command aaa
privilege show level 15 command aaa-server
privilege clear level 15 command aaa-server
privilege configure level 15 command aaa-server
privilege show level 15 command access-group
privilege clear level 15 command access-group
privilege configure level 15 command access-group
privilege show level 15 command access-list
privilege clear level 15 command access-list
privilege configure level 15 command access-list
privilege show level 15 command activation-key
privilege configure level 15 command activation-key
....
The following command displays the command assignments for privilege level 10:
hostname(config)# show running-config privilege level 10
privilege show level 10 command aaa
The following command displays the command assignment for the access-list command:
hostname(config)# show running-config privilege command access-list
privilege show level 15 command access-list
privilege clear level 15 command access-list
privilege configure level 15 command access-list
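
As an added example (not from the Cisco guide), the following Python script parses output in the format shown above and lists commands whose clear, configure or cmd form is assigned below level 15, a quick audit for privilege assignments that grant more than intended. The sample lines and their non-15 levels are constructed, and treating those three forms as the state-changing ones is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the format of "show running-config all privilege all".
# Levels below 15 are invented for illustration, not taken from a real device.
SAMPLE = """\
privilege show level 15 command aaa
privilege clear level 15 command aaa
privilege configure level 15 command aaa
privilege show level 5 command access-list
privilege clear level 10 command access-list
privilege configure level 15 command access-list
privilege cmd level 15 mode enable command configure
privilege configure level 3 command aaa-server
....
"""

# privilege {show|clear|configure|cmd} level N [mode M] command NAME
LINE_RE = re.compile(
    r"^privilege\s+(?P<form>show|clear|configure|cmd)\s+level\s+(?P<level>\d+)"
    r"(?:\s+mode\s+(?P<mode>\S+))?\s+command\s+(?P<command>.+)$"
)

def parse_privileges(text):
    """Return (form, level, mode, command) tuples; skip prompts and elisions."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # CLI prompt lines, "....", blank lines
        level = int(m["level"])
        if not 0 <= level <= 15:  # the guide: level is an integer between 0 and 15
            raise ValueError(f"level out of range 0-15: {raw!r}")
        entries.append((m["form"], level, m["mode"], m["command"]))
    return entries

def below_level(entries, threshold=15, forms=("clear", "configure", "cmd")):
    """Map command -> sorted [(form, level)] for the given forms under threshold."""
    found = defaultdict(list)
    for form, level, _mode, command in entries:
        if form in forms and level < threshold:  # assumption: these forms change state
            found[command].append((form, level))
    return {cmd: sorted(hits) for cmd, hits in found.items()}

if __name__ == "__main__":
    for cmd, hits in sorted(below_level(parse_privileges(SAMPLE)).items()):
        print(cmd, hits)
```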

To show all commands, enter the following command:
hostname(config)# show running-config all privilege all
To show commands for a specific level, enter the following command:
hostname(config)# show running-config privilege level level
The level is an integer between 0 and 15.
To show the level of a specific command, enter the following command:
hostname(config)# show running-config privilege command command

Configuring TACACS+ Command Authorization

If you enable TACACS+ command authorization, and a user enters a command at the CLI, the security
appliance sends the command and username to the TACACS+ server to determine if the command is
authorized.

Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, Chapter 40: Managing System Access

This manual is also suitable for: PIX 500 series, Cisco ASA 5500 series
