Filter
Top Products
16-31
Cisco ASDM User Guide
OL-16647-01
Chapter 16 Configuring Management Access
Configuring AAA for System Administrators
Step 4 Click Apply.
Configuring Management Access Accounting
To enable accounting for management access, perform the following steps:
Step 1 You can only account for users that first authenticate with the security appliance, so configure
authentication using the “Configuring Authentication for CLI, ASDM, and enable command Access”
section on page 16-20.
Step 2 To enable accounting of users when they enter the enable command:
a. Go to Configuration > Device Management > Users/AAA > AAA Access > Accounting, and check
the Require accounting to allow accounting of user activity > Enable check box.
b. From the Server Group drop-down list, choose a RADIUS or TACACS+ server group name.
Step 3 To enable accounting of users when they access the security appliance using Telnet, SSH, or the serial
console:
a. Under the Require accounting for the following types of connections area, check the check boxes
for Serial, SSH, and/or Telnet.
b. For each connection type, from the Server Group drop-down list, choose a RADIUS or TACACS+
server group name.
Step 4 To configure command accounting:
a. Under the Require command accounting area, check Enable.
b. From the Server Group drop-down list, choose a TACACS+ server group name. RADIUS is not
supported.
You can send accounting messages to the TACACS+ accounting server when you enter any
command other than show commands at the CLI.
c. If you customize the command privilege level using the Command Privilege Setup dialog box (see
the
“Assigning Privilege Levels to Commands and Enabling Authorization” section on page 16-26),
you can limit which commands the security appliance accounts for by specifying a minimum
privilege level in the Privilege level drop-down list. The security appliance does not account for
commands that are below the minimum privilege level.
Step 5 Click Apply.