60-7
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 60 Router Device Administration
AAA Policy Page
Navigation Path
Go to the AAA Policy Page, page 60-6, then click the Authentication tab.
Related Topics
Defining AAA Services, page 60-4
Understanding Method Lists, page 60-3
AAA Server Group Dialog Box, page 6-46
Predefined AAA Authentication Server Groups, page 6-28
Field Reference
AAA Page—Authorization Tab
Use the Authorization tab of the AAA page to define the type of authorization services to enable on the
device and the methods to use for each type. Security Manager supports the following types of
authorization:
Network—Authorizes various types of network connections, such as PPP.
EXEC—Authorizes the launching of EXEC sessions.
Table60-2 AAA Page—Authentication Tab
Element Description
Enable Device Login
Authentication
When selected, enables the authentication of all users when they log in
to the device, using the methods defined in the method list.
When deselected, authentication is not performed.
Prioritized Method List Defines a sequential list of methods to be queried when authenticating
a user. Enter the names of one or more AAA server group objects (up
to four), or click Select to select them. Use the up and down arrows in
the object selector to define the order in which the selected server
groups should be used. If the object that you want is not listed, click the
Create button to create it.
The device tries initially to authenticate users using the first method in
the list. If that method fails to respond, the device tries the next method,
and so on, until a response is received.
Supported methods include Line, Local, Kerberos, LDAP, RADIUS,
TACACS+, and None.
Note If you select None as a method, it must appear as the last
method in the list.
Maximum Number of
Attempts
The maximum number of unsuccessful authentication attempts before
a user is locked out. This feature is disabled by default. Valid values
range from 1 to 65535.
Note From the standpoint of the user, there is no distinction between
a normal authentication failure and an authentication failure
due to being locked out. The system administrator has to
explicitly clear the status of a locked-out user using clear
commands.