beautypg.com

Prerequisites – Cisco ASA 5505 User Manual

Page 757

background image

37-17

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 37 Configuring Management Access

Configuring AAA for System Administrators

Licensing Requirements for AAA for System Administrators

The following table shows the licensing requirements for this feature:

Prerequisites

Depending on the feature, you can use the following:

AAA server—See the

“Configuring AAA Server Groups” section on page 35-11

.

Local Database—See the

“Adding a User Account to the Local Database” section on page 35-20

.

Prerequisites for Management Authentication

Before the ASA can authenticate a Telnet, SSH, or HTTP user, you must identify the IP addresses that
are allowed to communicate with the ASA. For more information, see the

“Configuring ASA Access for

ASDM, Telnet, or SSH” section on page 37-1

.

Prerequisites for Local Command Authorization

Configure enable authentication. (See the

“Configuring Authentication for CLI and ASDM Access”

section on page 37-19

.) enable authentication is essential for maintaining the username after the

user accesses the enable command.

Alternatively, you can use the login command (which is the same as the enable command with
authentication; for the local database only), which requires no configuration. We do not recommend
this option because it is not as secure as enable authentication.

You can also use CLI authentication, but it is not required.

See the following prerequisites for each user type:

Local database users—Configure each user in the local database at a privilege level from 0 to 15.

RADIUS users—Configure the user with Cisco VSA CVPN3000-Privilege-Level with a value
between 0 and 15.

LDAP users—Configure the user with a privilege level between 0 and 15, and then map the
LDAP attribute to Cisco VSA CVPN3000-Privilege-Level according to the

“Configuring LDAP

Attribute Maps” section on page 35-18

.

Prerequisites for TACACS+ Command Authorization

Configure CLI authentication (see the

“Configuring Authentication for CLI and ASDM Access”

section on page 37-19

).

Configure enable authentication (see the

“Configuring Authentication to Access Privileged EXEC

Mode (the enable Command)” section on page 37-19

).

Prerequisites for Managament Accounting

Configure CLI authentication (see the

“Configuring Authentication for CLI and ASDM Access”

section on page 37-19

).

Model

License Requirement

All models

Base License.

This manual is related to the following products:
See also other documents in the category Cisco Hardware: