Cisco ASA 5505 User Manual
Page 768
37-28
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 37 Configuring Management Access
Configuring AAA for System Administrators
For example, to allow enable, but not enable password, enter enable in the commands field, and
deny password in the arguments field. Be sure to check the Permit Unmatched Args check box so
that enable alone is still allowed (see
Figure 37-3
Disallowing Arguments
•
When you abbreviate a command at the command line, the ASA expands the prefix and main
command to the full text, but it sends additional arguments to the TACACS+ server as you enter
them.
For example, if you enter sh log, then the ASA sends the entire command to the TACACS+ server,
show logging. However, if you enter sh log mess, then the ASA sends show logging mess to the
TACACS+ server, and not the expanded command show logging message. You can configure
multiple spellings of the same argument to anticipate abbreviations (see
Figure 37-4
Specifying Abbreviations
•
We recommend that you allow the following basic commands for all users:
–
show checksum
–
show curpriv
–
enable
–
help
–
show history