Configuring authentication for cli and asdm access, For more informati, Configuring authentication to access privileged – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 37 Configuring Management Access

Configuring AAA for System Administrators

Configuring Authentication for CLI and ASDM Access

To configure management authentication, enter the following command:

Configuring Authentication to Access Privileged EXEC Mode (the enable Command)

You can configure the ASA to authenticate users with a AAA server or the local database when they enter
the enable command. Alternatively, users are automatically authenticated with the local database when
they enter the login command, which also accesses privileged EXEC mode depending on the user level
in the local database.

This section includes the following topics:

Configuring Authentication for the enable Command

Authenticating Users with the login Command

Command:

aaa authentication {telnet | ssh | http | serial} console {LOCAL | server_group [LOCAL]}

Example:

hostname(config)# aaa authentication telnet console LOCAL

Purpose:

Authenticates users for management access. The telnet keyword controls
Telnet access.

The ssh keyword controls SSH access. The SSH default usernames asa and
pix are no longer supported.

The http keyword controls ASDM access.

The serial keyword controls console port access.

HTTP management authentication does not support the SDI protocol for a
AAA server group.

If you use a AAA server group for authentication, you can configure the
ASA to use the local database as a fallback method if the AAA server is
unavailable. Specify the server group name followed by LOCAL (LOCAL
is case sensitive). We recommend that you use the same username and
password in the local database as the AAA server, because the ASA prompt
does not give any indication which method is being used.

You can alternatively use the local database as your primary method of
authentication (with no fallback) by entering LOCAL alone.
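
An added example, not part of the Cisco guide: a Python check that reads configuration text and reports, for each of the four management keywords of the aaa authentication ... console command, the fallback, case-sensitivity and SDI conditions described above. The sample configuration and the server group names TACACS_GRP and SDI_GRP are constructed, and the aaa-server ... protocol line format is an assumption based on standard ASA syntax, not taken from this page.

```python
import re

CHANNELS = ("telnet", "ssh", "http", "serial")
AUTH_RE = re.compile(r"^aaa authentication (\S+) console (\S+)(?:\s+(\S+))?$")
# Assumed line format for declaring a server group's protocol.
GROUP_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)$")

# Constructed sample configuration text (not taken from a real device).
SAMPLE_CONFIG = """
aaa-server TACACS_GRP protocol tacacs+
aaa-server SDI_GRP protocol sdi
aaa authentication ssh console TACACS_GRP LOCAL
aaa authentication http console SDI_GRP
aaa authentication serial console TACACS_GRP local
"""

def audit(config_text):
    """Map each management channel to a list of findings."""
    protocols, methods = {}, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := GROUP_RE.match(line):
            protocols[m.group(1)] = m.group(2).lower()
        elif (m := AUTH_RE.match(line)) and m.group(1) in CHANNELS:
            methods[m.group(1)] = (m.group(2), m.group(3))
    report = {}
    for channel in CHANNELS:
        if channel not in methods:
            report[channel] = ["no aaa authentication line"]
            continue
        primary, fallback = methods[channel]
        if primary == "LOCAL":
            report[channel] = ["local database only"]
            continue
        findings = []
        if fallback is None:
            findings.append("no LOCAL fallback if the AAA server is unavailable")
        elif fallback != "LOCAL":
            findings.append(f"'{fallback}' is not the case-sensitive LOCAL keyword")
        if channel == "http" and protocols.get(primary) == "sdi":
            findings.append("SDI server group is not supported for HTTP (ASDM)")
        report[channel] = findings or ["server group with LOCAL fallback"]
    return report

if __name__ == "__main__":
    for channel, findings in audit(SAMPLE_CONFIG).items():
        print(f"{channel:7} {'; '.join(findings)}")
```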
