37-17
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter37 Configuring Management Access
Configuring AAA for System Administrators
Licensing Requirements for AAA for System Administrators
The following table shows the licensing requirements for this feature:
Prerequisites
Depending on the feature, you can use the following:
AAA server—See the “Configuring AAA Server Groups” section on page35-11.
Local Database—See the “Adding a User Account to the Local Database” section on page35-20.
Prerequisites for Management Authentication
Before the ASA can authenticate a Telnet, SSH, or HTTP user, you must identify the IP addresses that
are allowed to communicate with the ASA. For more information, see the “Configuring ASA Access for
ASDM, Telnet, or SSH” section on page37-1.
Prerequisites for Local Command Authorization
Configure enable authentication. (See the “Configuring Authentication for CLI and ASDM Access”
section on page 37-19.) enable authentication is essential for maintaining the username after the
user accesses the enable command.
Alternatively, you can use the login command (which is the same as the enable command with
authentication; for the local database only), which requires no configuration. We do not recommend
this option because it is not as secure as enable authentication.
You can also use CLI authentication, but it is not required.
See the following prerequisites for each user type:
Local database users—Configure each user in the local database at a privilege level from 0 to 15.
RADIUS users—Configure the user with Cisco VSA CVPN3000-Privilege-Level with a value
between 0 and 15.
LDAP users—Configure the user with a privilege level between 0 and 15, and then map the
LDAP attribute to Cisco VSA CVPN3000-Privilege-Level according to the “Configuring LDAP
Attribute Maps” section on page35-18.
Prerequisites for TACACS+ Command Authorization
Configure CLI authentication (see the “Configuring Authentication for CLI and ASDM Access”
section on page 37-19).
Configure enable authentication (see the “Configuring Authentication to Access Privileged EXEC
Mode (the enable Command)” section on page 37-19).
Prerequisites for Managament Accounting
Configure CLI authentication (see the “Configuring Authentication for CLI and ASDM Access”
section on page 37-19).
Model License Requirement
All models Base License.