Cisco ASA Series Cli Configuration Manual page 1009

Software version 9.0 for the services module

Chapter 1
Configuring Management Access
Configuring AAA for System Administrators
Information About Command Authorization, page 1-16

Information About Management Authentication
This section describes authentication for management access and includes the following topics:
- Comparing CLI Access with and without Authentication, page 1-15
- Comparing ASDM Access with and without Authentication, page 1-15
- Authenticating Sessions from the Switch to the ASA Services Module, page 1-15

Comparing CLI Access with and without Authentication
How you log into the ASA depends on whether or not you enable authentication:
- If you do not enable any authentication for Telnet, you do not enter a username; you enter the login password (set with the password command). For SSH, you enter the username and the login password. You access user EXEC mode.
- If you enable Telnet or SSH authentication according to this section, you enter the username and password as defined on the AAA server or local user database. You access user EXEC mode.
To enter privileged EXEC mode after logging in, enter the enable command. How enable works depends on whether you enable authentication:
- If you do not configure enable authentication, enter the system enable password when you enter the enable command (set by the enable password command). However, if you do not use enable authentication, after you enter the enable command, you are no longer logged in as a particular user. To maintain your username, use enable authentication.
- If you configure enable authentication (see the "Configuring Authentication to Access Privileged EXEC Mode (the enable Command)" section, page 1-20), the ASA prompts you for your username and password again. This feature is particularly useful when you perform command authorization, in which usernames are important in determining the commands that a user can enter.
For enable authentication using the local database, you can use the login command instead of the enable command. login maintains the username but requires no configuration to turn on authentication. See the "Authenticating Users with the login Command" section on page 1-21 for more information.

Comparing ASDM Access with and without Authentication
By default, you can log into ASDM with a blank username and the enable password set by the enable password command. Note that if you enter a username and password at the login screen (instead of leaving the username blank), ASDM checks the local database for a match.
If you configure HTTP authentication, you can no longer use ASDM with a blank username and the enable password.

Authenticating Sessions from the Switch to the ASA Services Module
For sessions from the switch to the ASASM (using the session command), you can configure Telnet authentication. For virtual console connections from the switch to the ASASM (using the service-module session command), you can configure serial port authentication.
In multiple context mode, you cannot configure any AAA commands in the system configuration. However, if you configure Telnet or serial authentication in the admin context, then authentication also applies to sessions from the switch to the ASASM. The admin context AAA server or local user database is used in this instance.
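
The following audit script is an added example, not part of the Cisco guide: it reads a saved running configuration and reports which management access methods still fall back to the shared-password behavior described above. It assumes the ASA "aaa authentication <method> console" command form, which this page does not show; the function names and the sample configuration are constructed for illustration.

```python
import re

# Behaviour the page describes when a method has no AAA authentication line.
FALLBACK = {
    "telnet": "no username; shared login password (switch 'session' to the ASASM included)",
    "ssh": "username plus the shared login password",
    "http": "ASDM accepts a blank username with the enable password",
    "serial": "no serial authentication for the 'service-module session' virtual console",
    "enable": "shared enable password; session no longer tied to a username",
}

# Assumed command form: aaa authentication <method> console <server-group|LOCAL> [LOCAL]
AAA_LINE = re.compile(
    r"^\s*aaa authentication (telnet|ssh|http|serial|enable) console (\S+)(?: (LOCAL))?\s*$",
    re.MULTILINE,
)

def audit_mgmt_auth(config):
    """Map each management access method to its AAA source or its fallback behaviour."""
    sources = {}
    for method, primary, fallback in AAA_LINE.findall(config):
        sources[method] = primary + (" then LOCAL" if fallback else "")
    return {
        method: ("authenticated via " + sources[method]) if method in sources
        else "NOT CONFIGURED: " + text
        for method, text in FALLBACK.items()
    }

def gaps(config):
    """Methods that still rely on shared passwords, in FALLBACK order."""
    return [m for m, status in audit_mgmt_auth(config).items() if status.startswith("NOT")]

# Constructed sample configuration (not from a real device).
# In multiple context mode, run the check against the admin context configuration.
SAMPLE_CONFIG = """\
hostname asasm-lab
username admin password EXAMPLEHASH encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authentication enable console TACACS-GRP LOCAL
"""

if __name__ == "__main__":
    for method, status in audit_mgmt_auth(SAMPLE_CONFIG).items():
        print(f"{method:7} {status}")
```
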
Cisco ASA Series CLI Configuration Guide
1-15
