Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 35 Configuring AAA Servers and the Local Database
Configuring AAA
Step 2 aaa authorization exec authentication-server
Example:
hostname(config)# aaa authorization exec authentication-server
(Optional) Enforces user-specific access levels for users who authenticate for management access (see the aaa authentication console LOCAL command). This command enables management authorization for local, RADIUS, LDAP (mapped), and TACACS+ users.

Use the aaa authorization exec LOCAL command to enable attributes to be taken from the local database. See the “Limiting User CLI and ASDM Access with Management Authorization” section on page 37-21 for information about configuring a user on a AAA server to accommodate management authorization.

Note the following prerequisites for each user type:
• Configure local database users at a privilege level from 0 to 15 using the username command. Configure the level of access using the service-type command.
• Configure RADIUS users with Cisco VSA CVPN3000-Privilege-Level with a value between 0 and 15.
• Configure LDAP users with a privilege level between 0 and 15, and then map the LDAP attribute to Cisco VSA CVPN3000-Privilege-Level using the ldap map-attributes command.

See the privilege command for information about setting command privilege levels.
Step 3 username username attributes
Example:
hostname(config)# username exampleuser1 attributes
(Optional) Configures username attributes. The username argument is the username that you created in Step 1.
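
The local-database case from Steps 2 and 3, as an added example that is not part of the Cisco guide: management authorization is enabled with attributes taken from the local database, and three users get different privilege levels and service types. The user names exampleadmin and examplevpn, the choice of SSH as the management method, and the password placeholder are assumptions made for illustration.

```cisco
! Constructed example. <placeholder-password> must be replaced;
! exampleadmin and examplevpn are hypothetical user names.
!
! Authenticate SSH management sessions against the local database.
aaa authentication ssh console LOCAL
!
! Enable management authorization, taking each user's attributes
! (privilege level, service type) from the local database.
aaa authorization exec LOCAL
!
! Administrator: privilege level 15, full management access.
username exampleadmin password <placeholder-password> privilege 15
username exampleadmin attributes
 service-type admin
!
! Operator: privilege level 5, CLI access only.
username exampleuser1 password <placeholder-password> privilege 5
username exampleuser1 attributes
 service-type nas-prompt
!
! VPN-only account: service-type remote-access denies management access.
username examplevpn password <placeholder-password> privilege 0
username examplevpn attributes
 service-type remote-access
```

Without the aaa authorization exec line, the service-type restriction is not enforced at management login, so an account intended only for remote access can still authenticate to the CLI.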