Cisco ASA 5505 User Manual

Page 768

37-28

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 37 Configuring Management Access

Configuring AAA for System Administrators

For example, to allow enable, but not enable password, enter enable in the commands field, and
deny password in the arguments field. Be sure to check the Permit Unmatched Args check box so
that enable alone is still allowed (see

Figure 37-3

Figure 37-3

Disallowing Arguments

•

When you abbreviate a command at the command line, the ASA expands the prefix and main
command to the full text, but it sends additional arguments to the TACACS+ server as you enter
them.

For example, if you enter sh log, then the ASA sends the entire command to the TACACS+ server,
show logging. However, if you enter sh log mess, then the ASA sends show logging mess to the
TACACS+ server, and not the expanded command show logging message. You can configure
multiple spellings of the same argument to anticipate abbreviations (see

Figure 37-4

Figure 37-4

Specifying Abbreviations

•

We recommend that you allow the following basic commands for all users:

–

show checksum

–

show curpriv

–

enable

–

help

–

show history

This manual is related to the following products:

ASA 5585-X ASA 5555-X ASA 5545-X ASA 5525-X ASA 5515-X ASA 5512-X ASA 5580 ASA 5550 ASA 5540 ASA 5520 ASA 5510 ASA 5500 Series