Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 35 Configuring AAA Servers and the Local Database

Configuring AAA

Step 2

Command:
aaa authorization exec authentication-server

Example:
hostname(config)# aaa authorization exec authentication-server

Purpose:
(Optional) Enforces user-specific access levels for users who authenticate for management access (see the aaa authentication console LOCAL command). This command enables management authorization for local, RADIUS, LDAP (mapped), and TACACS+ users.

Use the aaa authorization exec LOCAL command to enable attributes to be taken from the local database. See the “Limiting User CLI and ASDM Access with Management Authorization” section on page 37-21 for information about configuring a user on a AAA server to accommodate management authorization.

Note the following prerequisites for each user type:

- Configure local database users at a privilege level from 0 to 15 using the username command. Configure the level of access using the service-type command.
- Configure RADIUS users with Cisco VSA CVPN3000-Privilege-Level with a value between 0 and 15.
- Configure LDAP users with a privilege level between 0 and 15, and then map the LDAP attribute to Cisco VSA CVPN3000-Privilege-Level using the ldap map-attributes command.

See the privilege command for information about setting command privilege levels.

Step 3

Command:
username username attributes

Example:
hostname(config)# username exampleuser1 attributes

Purpose:
(Optional) Configures username attributes. The username argument is the username that you created in Step 1.
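An added example (not from the Cisco guide): a Python check that reads a running-config excerpt, collects each local user's privilege level and service-type, and flags management authentication that is configured without aaa authorization exec. The sample configuration is constructed, and the fallback values of privilege 2 and service-type admin for users that set neither are assumptions about ASA defaults that this page does not state.

```python
import re

# Constructed sample running-config excerpt (not from the original page).
SAMPLE_CONFIG = """\
username exampleuser1 password PLACEHOLDER privilege 5
username exampleuser1 attributes
 service-type nas-prompt
username exampleuser2 password PLACEHOLDER privilege 15
aaa authentication ssh console LOCAL
"""

USER_RE = re.compile(r"username (\S+) (?:password|nopassword)\b(?:.*\bprivilege (\d+))?")
ATTR_RE = re.compile(r"username (\S+) attributes\s*$")
SVC_RE = re.compile(r" service-type (\S+)")
AUTHN_RE = re.compile(r"aaa authentication \S+ console \S+")
AUTHZ_RE = re.compile(r"aaa authorization exec (?:authentication-server|LOCAL)\b")

def audit_mgmt_authorization(config):
    """Return (users, findings) for ASA running-config text."""
    users, findings, current = {}, [], None
    authn = authz = False

    def entry(name):
        # Assumed ASA defaults when not configured: privilege 2, service-type admin.
        return users.setdefault(name, {"privilege": 2, "service_type": "admin"})

    for line in config.splitlines():
        if not line.startswith(" "):
            current = None  # an unindented line ends the "username ... attributes" sub-mode
        if m := USER_RE.match(line):
            user = entry(m.group(1))
            if m.group(2):
                user["privilege"] = int(m.group(2))
        elif m := ATTR_RE.match(line):
            current = m.group(1)
            entry(current)
        elif current and (m := SVC_RE.match(line)):
            entry(current)["service_type"] = m.group(1)
        elif AUTHN_RE.match(line):
            authn = True
        elif AUTHZ_RE.match(line):
            authz = True
    if authn and not authz:
        findings.append("management authentication is enabled without 'aaa authorization "
                        "exec': user-specific access levels are not enforced")
    for name, u in sorted(users.items()):
        if not 0 <= u["privilege"] <= 15:
            findings.append(f"{name}: privilege {u['privilege']} is outside 0-15")
    return users, findings
```

Appending either form of the aaa authorization exec command from Step 2 to the sample clears the finding.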
