Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 16 Configuring Management Access
Configuring AAA for System Administrators
If you configure enable authentication, the security appliance prompts you for your username and
password. If you do not configure enable authentication, enter the system enable password (set by
the enable password command) when you enter the enable command. However, if you do not use enable
authentication, after you enter the enable command, you are no longer logged in as a particular user. To
maintain your username, use enable authentication.
For authentication using the local database, you can use the login command, which maintains the
username but requires no configuration to turn on authentication.
Note: Before the security appliance can authenticate a Telnet, SSH, or HTTP user, you must first configure
access to the security appliance according to the “Configuring Device Access for ASDM, Telnet, or
SSH” section on page 16-1. These panes identify the IP addresses that are allowed to communicate with
the security appliance.
To configure CLI, ASDM, or enable authentication, perform the following steps:
Step 1  To authenticate users who use the enable command, go to Configuration > Device Management >
Users/AAA > AAA Access > Authentication, and configure the following settings:
    a. Check the Enable check box.
    b. From the Server Group drop-down list, choose a server group name or the LOCAL database.
    c. (Optional) If you chose a AAA server, you can configure the security appliance to use the local
       database as a fallback method if the AAA server is unavailable. Click the Use LOCAL when server
       group fails check box. We recommend that you use the same username and password in the local
       database as the AAA server because the security appliance prompt does not give any indication
       which method is being used.

Step 2  To authenticate users who access the CLI or ASDM, go to Configuration > Device Management >
Users/AAA > AAA Access > Authentication, and configure the following settings:
    a. Check one or more of the following check boxes:
       • HTTP/ASDM—Authenticates the ASDM client that accesses the security appliance using HTTPS.
         You only need to configure HTTP authentication if you want to use a AAA server. By default,
         ASDM uses the local database for authentication even if you do not configure this command. HTTP
         management authentication does not support the SDI protocol for a AAA server group.
       • Serial—Authenticates users who access the security appliance using the console port.
       • SSH—Authenticates users who access the security appliance using SSH.
       • Telnet—Authenticates users who access the security appliance using Telnet.
    b. For each service that you checked, from the Server Group drop-down list, choose a server group
       name or the LOCAL database.
    c. (Optional) If you chose a AAA server, you can configure the security appliance to use the local
       database as a fallback method if the AAA server is unavailable. Click the Use LOCAL when server
       group fails check box. We recommend that you use the same username and password in the local
       database as the AAA server because the security appliance prompt does not give any indication
       which method is being used.

Step 3  Click Apply.
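
To verify the result of Steps 1 through 3 on a saved configuration, the following added example (not part of the Cisco guide) audits running-config text for the points this section calls out: missing enable authentication, services left without AAA authentication, and server groups without LOCAL fallback. It assumes the ASDM settings appear in the configuration as "aaa authentication <service> console <group> [LOCAL]" lines; the sample configuration and the server group name TACACS_GRP are constructed.

```python
import re

# Constructed sample of running-config lines; TACACS_GRP is a hypothetical group name.
SAMPLE_CONFIG = """\
aaa-server TACACS_GRP protocol tacacs+
aaa authentication ssh console TACACS_GRP LOCAL
aaa authentication http console TACACS_GRP
aaa authentication serial console LOCAL
telnet 10.0.0.0 255.255.255.0 inside
"""

SERVICES = ("enable", "http", "serial", "ssh", "telnet")
# Assumed CLI form: aaa authentication <service> console <group> [LOCAL]
AAA_RE = re.compile(
    r"^aaa authentication (enable|http|serial|ssh|telnet) console (\S+)(?: (LOCAL))?\s*$"
)

def parse_aaa(config):
    """Map each configured service to (server_group, has_local_fallback)."""
    found = {}
    for line in config.splitlines():
        m = AAA_RE.match(line.strip())
        if m:
            service, group, fallback = m.groups()
            found[service] = (group, fallback == "LOCAL")
    return found

def audit(config):
    """Return one finding per service that deviates from the section's guidance."""
    found = parse_aaa(config)
    findings = []
    for service in SERVICES:
        if service not in found:
            if service == "enable":
                findings.append("enable: no enable authentication; username is lost after 'enable'")
            elif service == "http":
                findings.append("http: not configured; ASDM uses the local database by default")
            else:
                findings.append(f"{service}: no AAA authentication configured")
            continue
        group, fallback = found[service]
        # A AAA server group without fallback locks out admins if the server is unavailable.
        if group != "LOCAL" and not fallback:
            findings.append(f"{service}: server group {group} has no LOCAL fallback")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The script cannot confirm that local usernames and passwords match those on the AAA server, which this section recommends when fallback is enabled; check that separately.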