Cisco Systems OL-16647-01 Network Router User Manual


16-20
Cisco ASDM User Guide
OL-16647-01
Chapter 16 Configuring Management Access
Configuring AAA for System Administrators
Step 8 (Optional) To configure advanced options, click More Options. You can configure the following
settings:
• To turn off this Management Access Rule, uncheck Enable Rule.
• To add a source service, enter it in the Source Service field, or click the ellipsis (...) to browse
  for a source service.
  The destination service and source service must be the same. Copy and paste the destination Service
  field to the Source Service field.
• To configure the logging interval (if you enable logging and choose a non-default setting), enter a
  value in seconds in the Logging Interval field.
• To select a predefined time range for this rule, choose a time range from the Time Range drop-down
  list, or click the ellipsis (...) to browse for a time range.
  The Add Time Range dialog box appears. For information about adding a time range, see
  Configuring Time Ranges, page 19-15.
Step 9 Click OK.
The dialog box closes and the Management Access rule is added.
Step 10 Click Apply.
The rule is saved in the running configuration.
Configuring AAA for System Administrators
This section describes how to enable authentication and command authorization for system
administrators. Before you configure AAA for system administrators, first configure the local database
or AAA server according to the “AAA Server and Local Database Support” section on page 14-3 or the
“Configuring AAA Server Groups” section on page 14-9.
This section includes the following topics:
• Configuring Authentication for CLI, ASDM, and enable command Access, page 16-20
• Limiting User CLI and ASDM Access with Management Authorization, page 16-22
• Configuring Command Authorization, page 16-23
• Configuring Management Access Accounting, page 16-31
• Recovering from a Lockout, page 16-32
Configuring Authentication for CLI, ASDM, and enable command Access
If you enable CLI authentication, the security appliance prompts you for your username and password
to log in. After you enter your information, you have access to user EXEC mode.
To enter privileged EXEC mode, enter the enable command or the login command (if you are using the
local database only).