AAA for System Administrators; Configuring Authentication for CLI and ASDM Access - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

AAA for System Administrators

Like access lists, the FWSM matches a packet to each icmp statement in order. You should use specific
statements first, and general statements later. There is an implicit deny at the end. For example, if you
allow all addresses first and then deny a specific address, that address is unintentionally
allowed because it matches the first statement.
Note
If you only want to allow the FWSM to ping a host (and thus allow the echo reply back to the interface),
and not allow hosts to ping the FWSM, you can enable the ICMP inspection engine instead of entering
the command above. See Chapter 22, "Applying Application Layer Protocol Inspection."
For example, to allow all hosts except the one at 10.1.1.15 to use ICMP to the inside interface, enter the
following commands:
hostname(config)# icmp deny host 10.1.1.15 inside
hostname(config)# icmp permit any inside
To allow the host at 10.1.1.15 to use only ping to the inside interface, enter the following command:
hostname(config)# icmp permit host 10.1.1.15 inside
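The ordering rule above, as an added example that is not part of the Cisco guide: a short Python model of first-match evaluation with the implicit deny, plus a check for statements that an earlier, broader statement on the same interface makes unreachable. It handles only statements without an ICMP type argument; the function names and the reversed rule list are constructed for illustration.

```python
import ipaddress

def parse(line):
    """Parse 'icmp {permit|deny} {host IP | IP MASK | any} IFNAME' (no ICMP type)."""
    tok = line.split()
    tok = tok[tok.index("icmp") + 1:]      # drop a leading 'hostname(config)#' prompt
    action, src, iface = tok[0], tok[1:-1], tok[-1]
    if action not in ("permit", "deny"):
        raise ValueError(f"unsupported statement: {line!r}")
    if src == ["any"]:
        net = ipaddress.ip_network("0.0.0.0/0")
    elif len(src) == 2 and src[0] == "host":
        net = ipaddress.ip_network(src[1] + "/32")
    elif len(src) == 2:
        net = ipaddress.ip_network(f"{src[0]}/{src[1]}")   # address + netmask
    else:
        raise ValueError(f"unsupported statement: {line!r}")
    return action, net, iface

def decide(rules, src_ip, iface):
    """First matching statement wins; the implicit deny applies if none match."""
    ip = ipaddress.ip_address(src_ip)
    for action, net, rule_if in rules:
        if rule_if == iface and ip in net:
            return action
    return "deny"

def shadowed(rules):
    """Indexes of statements that can never match: an earlier statement on the
    same interface already covers their entire source range."""
    return [i for i, (_, net, iface) in enumerate(rules)
            if any(e_if == iface and net.subnet_of(e_net)
                   for _, e_net, e_if in rules[:i])]

# Constructed sample: the page's two statements in the documented order ...
GOOD = [parse(s) for s in (
    "hostname(config)# icmp deny host 10.1.1.15 inside",
    "hostname(config)# icmp permit any inside",
)]
# ... and the same statements reversed, the mistake the text warns about.
BAD = list(reversed(GOOD))

if __name__ == "__main__":
    for name, rules in (("documented order", GOOD), ("reversed order", BAD)):
        print(name, "-> 10.1.1.15:", decide(rules, "10.1.1.15", "inside"),
              "| shadowed statements:", shadowed(rules))
```

A non-empty result from shadowed() on a deny statement means the intended block never takes effect and the statement should be moved above the broader permit.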
AAA for System Administrators
This section describes how to enable CLI authentication, command authorization, and command
accounting for system administrators. Before you configure AAA for system administrators, first
configure the local database or AAA server according to Chapter 11, "Configuring AAA Servers and the
Local Database."
Note
In multiple context mode, you cannot configure any AAA commands in the system configuration.
However, if you configure Telnet authentication in the admin context, then authentication also applies
to sessions from the switch to the FWSM (which enters the system execution space). See the
"Configuring Authentication for CLI and ASDM Access" section for more information.
This section includes the following topics:
Configuring Authentication for CLI and ASDM Access
Configuring Authentication to Access Privileged EXEC Mode
Configuring Command Authorization
Configuring Command Accounting
Viewing the Current Logged-In User
Recovering from a Lockout

Configuring Authentication for CLI and ASDM Access

This section explains how to configure CLI authentication when you use Telnet or SSH, and how to
configure ASDM authentication. This section includes the following topics:
CLI Access Overview
ASDM Access Overview

Chapter 23, "Configuring Management Access," Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM, OL-20748-01
