40-19
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 40 Configuring Management Access
Configuring AAA for System Administrators
You can also use CLI authentication, but it is not required.
• See the following prerequisites for each user type:
–
Local database users—Configure each user in the local database at a privilege level from 0 to 15.
–
RADIUS users—Configure the user with Cisco VSA CVPN3000-Privilege-Level with a value
between 0 and 15.
–
LDAP users—Configure the user with a privilege level between 0 and 15, and then map the
LDAP attribute to Cisco VSA CVPN3000-Privilege-Level according to the “Using User Login
Credentials” section on page 38-8.
Prerequisites for TACACS+ Command Authorization
• Configure CLI and enable authentication (see the “Configuring Authentication for CLI, ASDM, and
enable command Access” section on page 40-20).
Prerequisites for Managament Accounting
• Configure CLI and enable authentication (see the “Configuring Authentication for CLI, ASDM, and
enable command Access” section on page 40-20).
Guidelines and Limitations
This section includes the guidelines and limitations for this feature.
Context Mode Guidelines
Supported in single and multiple context mode.
Firewall Mode Guidelines
Supported in routed and transparent firewall mode.
IPv6 Guidelines
Supports IPv6.
Default Settings
By default, the following commands are assigned to privilege level 0. All other commands are assigned
to privilege level 15.
• show checksum
• show curpriv
• enable
• help
• show history
• login
• logout
• pager
• show pager
