Cisco FirePOWER ASA 5500 series Configuration Manual page 777

Security appliance command line

Chapter 40
Managing System Access
show | clear | cmd—These optional keywords let you set the privilege only for the show, clear, or
configure form of the command. The configure form of the command is typically the form that
causes a configuration change, either as the unmodified command (without the show or clear prefix)
or as the no form. If you do not use one of these keywords, all forms of the command are affected.
level level—A level between 0 and 15.
mode {enable | configure}—If a command can be entered in user EXEC/privileged EXEC mode as
well as configuration mode, and the command performs different actions in each mode, you can set
the privilege level for these modes separately:
    enable—Specifies both user EXEC mode and privileged EXEC mode.
    configure—Specifies configuration mode, accessed using the configure terminal command.
command command—The command you are configuring. You can only configure the privilege
level of the main command. For example, you can configure the level of all aaa commands, but not
the level of the aaa authentication command and the aaa authorization command separately.
Also, you cannot configure the privilege level of subcommands separately from the main command.
For example, you can configure the context command, but not the allocate-interface command,
which inherits the settings from the context command.
Step 2  To enable local command authorization, enter the following command:
hostname(config)# aaa authorization command LOCAL
Even if you set command privilege levels, command authorization does not take place unless you enable
command authorization with this command.
For example, the filter command has the following forms:
filter (represented by the configure option)
show running-config filter
clear configure filter
You can set the privilege level separately for each form, or set the same privilege level for all forms by
omitting this option. For example, set each form separately as follows.
hostname(config)# privilege show level 5 command filter
hostname(config)# privilege clear level 10 command filter
hostname(config)# privilege cmd level 10 command filter
Alternatively, you can set all filter commands to the same level:
hostname(config)# privilege level 5 command filter
The show privilege command separates the forms in the display.
The following example shows the use of the mode keyword. The enable command must be entered from
user EXEC mode, while the enable password command, which is accessible in configuration mode,
requires the highest privilege level.
hostname(config)# privilege cmd level 0 mode enable command enable
hostname(config)# privilege cmd level 15 mode cmd command enable
hostname(config)# privilege show level 15 mode cmd command enable
This example shows an additional command, the configure command, that uses the mode keyword:
hostname(config)# privilege show level 5 mode cmd command configure
hostname(config)# privilege clear level 15 mode cmd command configure
hostname(config)# privilege cmd level 15 mode cmd command configure
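The rules above can be checked mechanically when reviewing a configuration. The following Python sketch is an added example, not part of the Cisco guide: it expands each privilege line into per-form levels and reports when levels are set but aaa authorization command LOCAL is missing. The function name audit, the sample input, and the assumption that lines are written exactly in the forms shown on this page are the example's own.

```python
import re

# Constructed sample: the page's filter/enable examples plus one made-up "aaa" line.
SAMPLE_CONFIG = """\
privilege show level 5 command filter
privilege clear level 10 command filter
privilege cmd level 10 command filter
privilege level 7 command aaa
privilege cmd level 0 mode enable command enable
privilege cmd level 15 mode cmd command enable
"""

# One word after "command": only the main command can be given a level.
PRIV_RE = re.compile(
    r"^privilege(?: (?P<form>show|clear|cmd))? level (?P<level>\d+)"
    r"(?: mode (?P<mode>\S+))? command (?P<command>\S+)$"
)
FORMS = ("show", "clear", "cmd")


def audit(config_text):
    """Return (table, findings); table maps (command, form, mode) -> level."""
    table, findings, authz_enabled = {}, [], False
    for raw in config_text.splitlines():
        line = re.sub(r"^\S+\(config\)#\s*", "", raw.strip())  # drop CLI prompt
        if line == "aaa authorization command LOCAL":
            authz_enabled = True
            continue
        m = PRIV_RE.match(line)
        if not m:
            if line.startswith("privilege "):
                findings.append(f"unparsed privilege line: {line}")
            continue
        level = int(m["level"])
        if not 0 <= level <= 15:
            findings.append(f"level out of range 0-15: {line}")
            continue
        # No show/clear/cmd keyword: every form of the command gets the level.
        for form in ([m["form"]] if m["form"] else FORMS):
            # The mode token is stored as written; None means no mode keyword.
            table[(m["command"], form, m["mode"])] = level
    if table and not authz_enabled:
        findings.append("privilege levels set but 'aaa authorization command "
                        "LOCAL' is absent, so they are not enforced")
    return table, findings

if __name__ == "__main__":
    table, findings = audit(SAMPLE_CONFIG)
    print(table, findings, sep="\n")
```

A privilege line that names a subcommand, such as a two-word command, is reported as unparsed because only the main command can carry a level.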
Configuring AAA for System Administrators
Cisco Security Appliance Command Line Configuration Guide
This manual is also suitable for:

PIX 500 series, Cisco ASA 5500 series
