Filter
Top Products
16-30
Cisco ASDM User Guide
OL-16647-01
Chapter 16 Configuring Management Access
Configuring AAA for System Administrators
Figure 16-4 Specifying Abbreviations
• We recommend that you allow the following basic commands for all users:
–
show checksum
–
show curpriv
–
enable
–
help
–
show history
–
login
–
logout
–
pager
–
show pager
–
clear pager
–
quit
–
show version
Enabling TACACS+ Command Authorization
Before you enable TACACS+ command authorization, be sure that you are logged into the security
appliance as a user that is defined on the TACACS+ server, and that you have the necessary command
authorization to continue configuring the security appliance. For example, you should log in as an admin
user with all commands authorized. Otherwise, you could become unintentionally locked out.
To configure TACACS+ command authorization, perform the following steps:
Step 1 To perform command authorization using a TACACS+ server, go to Configuration > Device
Management > Users/AAA > AAA Access > Authorization, and check the Enable authorization for
command access > Enable check box.
Step 2 From the Server Group drop-down list, choose a AAA server group name.
Step 3 (Optional) you can configure the security appliance to use the local database as a fallback method if the
AAA server is unavailable. Click the Use LOCAL when server group fails check box. We recommend
that you use the same username and password in the local database as the AAA server because the
security appliance prompt does not give any indication which method is being used.