Cisco ASA 5505 Configuration Manual page 694

Asa 5500 series

Hide thumbs Also See for ASA 5505:

Getting started manual (168 pages)

Administrator's manual (118 pages)

Hardware installation manual (82 pages)

Table of Contents

Configuring AAA for System Administrators

Enabling TACACS+ Command Authorization

Before you enable TACACS+ command authorization, be sure that you are logged into the adaptive

security appliance as a user that is defined on the TACACS+ server, and that you have the necessary

command authorization to continue configuring the adaptive security appliance. For example, you

should log in as an admin user with all commands authorized. Otherwise, you could become

unintentionally locked out.

Detailed Steps

To perform command authorization using a TACACS+ server, go to Configuration > Device

Management > Users/AAA > AAA Access > Authorization, and check the Enable authorization for

command access > Enable check box.

From the Server Group drop-down list, choose a AAA server group name.

(Optional) you can configure the adaptive security appliance to use the local database as a fallback

method if the AAA server is unavailable. Click the Use LOCAL when server group fails check box.

We recommend that you use the same username and password in the local database as the AAA server

because the adaptive security appliance prompt does not give any indication which method is being used.

Be sure to configure users in the local database (see the

and command privilege levels (see the

Click Apply.

Configuring Management Access Accounting

You can configure accounting when users log in, when they enter the enable command, or when they

issue commands.

Prerequisites

You can only account for users that first authenticate with the adaptive security appliance, so configure

authentication using the

section on page

For information about configuring a AAA server group, see the

section on page

accounting, you can only use TACACS+ servers.

Detailed Steps

Cisco ASA 5500 Series Configuration Guide using ASDM

show version

"Configuring Authentication for CLI, ASDM, and enable command Access"

31-8. For CLI access, you can use TACACS+ or RADIUS servers. For command

"Adding a User Account" section on page

"Configuring Local Command Authorization" section on

"Configuring AAA Server Groups"

Configuring Management Access

Show Quick Links

Chapters

Table of Contents

Asa 5510 Asa 5540 Asa 5520 Asa 5550 Asa 5580

Cisco ASA 5505 Configuration Manual page 694

Hide quick links:

Chapters

Related Manuals for Cisco ASA 5505

Related Products for Cisco ASA 5505

This manual is also suitable for:

Table of Contents