Cisco ASA 5505 User Manual
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 37 Configuring Management Access
Configuring AAA for System Administrators
Limiting User CLI and ASDM Access with Management Authorization
If you configure CLI or enable authentication, you can limit a local user, RADIUS, TACACS+, or LDAP
user (if you map LDAP attributes to RADIUS attributes) from accessing the CLI, ASDM, or the enable
command.
Note
Serial access is not included in management authorization, so if you configure the aaa authentication
serial console command, then any user who authenticates can access the console port.
To limit user CLI and ASDM access, perform the following steps:
Detailed Steps
Step 1
Command: aaa authorization exec authentication-server
Example: hostname(config)# aaa authorization exec authentication-server
Purpose: Enables management authorization for local, RADIUS, LDAP
(mapped), and TACACS+ users. Also enables support of
administrative user privilege levels from RADIUS, which can be
used in conjunction with local command privilege levels for
command authorization. See the Authorization” section on page 37-23
for more information. Use the aaa authorization exec LOCAL command
to enable attributes to be taken from the local database.
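
The following audit script is an added example, not part of the Cisco guide. It checks a saved ASA configuration for the two gaps this section describes: authentication configured without aaa authorization exec, and serial console authentication, which management authorization does not cover. The sample configuration is constructed, the function name is hypothetical, and the ssh, telnet, http and enable forms of the authentication command are standard ASA syntax assumed here.

```python
import re

# Constructed sample running-config excerpt (illustrative, not from the guide).
SAMPLE_CONFIG = """\
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
aaa authentication serial console LOCAL
"""

# The serial form is quoted in the section above; the ssh/telnet/http/enable
# forms are standard ASA syntax and are an assumption of this example.
AUTHN_RE = re.compile(
    r"^\s*aaa authentication (ssh|telnet|http|serial|enable) console\s+(\S+)", re.M)
AUTHZ_RE = re.compile(
    r"^\s*aaa authorization exec (authentication-server|LOCAL)\b", re.M)


def audit_management_authorization(config):
    """Return (code, detail) findings for one ASA configuration text."""
    findings = []
    methods = sorted({m.group(1) for m in AUTHN_RE.finditer(config)})
    authz = AUTHZ_RE.search(config)

    # CLI, ASDM (http) or enable authentication without management authorization.
    gated = [m for m in methods if m != "serial"]
    if gated and authz is None:
        findings.append((
            "NO_EXEC_AUTHORIZATION",
            "authentication configured for %s but 'aaa authorization exec' "
            "is absent" % ", ".join(gated)))

    # The guide's note: serial access is outside management authorization.
    if "serial" in methods:
        findings.append((
            "SERIAL_NOT_COVERED",
            "'aaa authentication serial console' is set; any user who "
            "authenticates can access the console port"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_management_authorization(SAMPLE_CONFIG):
        print(code + ": " + detail)
```
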