Cisco Systems OL-12180-01 manual Add/Edit User Account Identity, 12-9

Chapter 12 Configuring AAA Servers and User Accounts

Configuring the Local Database

•VPN Group Lock—Specifies what, if any, group lock policy is in effect for this user. Not available in multimode.

•Add—Displays the Add User Account dialog box.

•Edit—Displays the Edit User Account dialog box.

•Delete—Removes the selected row from the table. There is no confirmation or undo.

Modes

The following table shows the modes in which this feature is available:

Add/Edit User Account > Identity

Use this pane to specify parameters that identify the user account you want to add or change. The changes appear in the User Accounts table as soon as you click OK.

Fields

•Username—Specifies the username for this account.

•Change user password—When editing an existing user, check this box to change the password.

–Password—Specifies the unique password for this user. The minimum password length is 4 characters. The maximum is 32 characters. Entries are case-sensitive. The field displays only asterisks.

To protect security, we recommend a password length of at least 8 characters.

–Confirm Password—Asks you to re-enter the user password to verify it. The field displays only asterisks.

•User authenticated using MSCHAP—Specifies that the password will be converted to unicode and hashed using MD4 after you enter it. Use this option if users are authenticated using MSCHAPv1 or MSCHAPv2

•Member-of—Specifies the VPN groups that the user belongs to.

–Member-of—Enter the name of a VPN group.

–Add—Adds the VPN group to the list.

–Delete—Deletes a VPN group from the list.

•Access Restriction—This section sets the management access level for a user. You must first enable management authorization using the Perform authorization for exec shell access option on the Configuration > Device Management > Users/AAA > AAA Access > Authorization tab.

–Full Access (ASDM, Telnet, SSH and console)—If you configure authentication for management access using the local database (see the “Configuring Authentication for CLI, ASDM, and enable command Access” section on page 13-27), then this option lets the user use ASDM, SSH, Telnet, and the console port. If you also configure enable authentication, then the user can access global configuration mode.