Http Page-AAA Tab, Https, 112 | Cisco Systems OL-16066-01 specification

Appendix K Router Platform User Interface Reference

HTTP Policy Page

Table K-49	HTTP Page—Setup Tab (Continued)

Enable SSL		When selected, a secure HTTP server (HTTP over SSL or HTTPS) is enabled
		on the router.
		When deselected, HTTPS is disabled. This is the default for devices that
		were not discovered.
		Note If SSL is disabled (or if the HTTP policy as a whole is unassigned),
		Security Manager cannot communicate with the device after
		deployment unless you change the transport protocol for this device
		to SSH. This setting can be found in Device Properties.
		Note We recommend that you disable HTTP when SSL is enabled. This is
		required to ensure only secure connections to the server.

SSL Port		The port number to use for HTTPS. Valid values are 443 or any value from
		1025 to 65535. The default is 443.

Allow Connection From		The numbered ACL that restricts use of HTTP and HTTPS on this device.
		Enter the name of an ACL object, or click Select to display an Object
		Selectors, page F-593.
		If the standard ACL you want is not listed, click the Create button in the
		selector to display the Add and Edit Standard Access List Pages, page F-42.
		From here you can create an ACL object.
		Note If you define an ACL, make sure that it includes the Security
		Manager server. Otherwise, Security Manager cannot communicate
		with this device using SSL.

Save button		Saves your changes to the Security Manager server but keeps them private.
		Note To publish your changes, click the Submit button on the toolbar.

HTTP Page—AAA Tab

Use the AAA tab of the HTTP page to define the authentication and authorization methods to perform on users who attempt to access the router using HTTP or

HTTPS.

Navigation Path

Go to the HTTP Policy Page, page K-110, then click the AAA tab.

	User Guide for Cisco Security Manager 3.2
K-112	OL-16066-01

Image 112

Cisco Systems OL-16066-01 appendix Http Page-AAA Tab, Https, 112

Contents

Router Platform User Interface Reference CPU Policy Page, page K-107 Dhcp Policy Page, page K-167 NTP Policy Page, page K-174 NAT Page-Interface Specification Tab NAT PolicyFor more information, see NAT on Cisco IOS Routers, Chapter K, Router Platform User Interface Reference Edit Interfaces Dialog Box-NAT Inside Interfaces Related Topics Edit Interfaces Dialog Box-NAT Outside Interfaces Field Reference NAT Page-Static Rules Tab NAT Static Rule Dialog Box Information, see Filtering Tables, Basic Interface Settings on Cisco IOS Routers, Defining Static NAT Rules,Disabling the Alias Option for Attached Subnets, Disabling the Payload Option for Overlapping Networks, Table K-5 NAT Static Rule Dialog Box Table K-5 NAT Static Rule Dialog Box Appendix K Router Platform User Interface Reference NAT Page-Dynamic Rules Tab NAT Page-Interface Specification Tab, page K-3For more information, see Defining Dynamic NAT Rules, NAT Dynamic Rule Dialog Box Object Selectors, page F-593 F-593 NAT Page-Timeouts Tab Specifying NAT Timeouts, Router Interfaces Table Columns and Column Heading Features, Create Router Interface Dialog Box Enabled Type Name Parent Discontiguous Network Masks, BRI, PRI Isdn Table K-10 Create Router Interface Dialog Box MTU Vlan ID Interface Auto Name Generator Dialog Box Dlci Advanced Interface Settings Available Interface Types, CDP Advanced Interface Settings Dialog Box You can create an interface role object Selectors, page F-593 Eguide09186a00804247fc.htmlFor more information, see Understanding Helper Addresses, Cisco Discovery Protocol settings Table K-13 Advanced Interface Settings Dialog Box VFR Fragreassmps6441TSDProductsConfigurationGuideChapter.html00800a3ded.shtml ACL AIM-IPS Interface Settings IPS Monitoring Information Dialog Box Dialer Policy Configuring Dial Backup, SPID1 Dialer Profile Dialog BoxSPID2 Table K-17 Dialer Profile Dialog Box Dialer Physical Interface Dialog Box Isdn BRI Adsl Policy Adsl on Cisco IOS Routers, Adsl Settings Dialog Box Defining Adsl Settings, PVC Policy Page, page K-54 Supported by each card type may cause deployment to fail Table K-20 Adsl Settings Dialog Box Shdsl Policy Shdsl on Cisco IOS Routers, Edit the selected DSL controller definition Defining Shdsl Controllers, Shdsl Controller Dialog BoxDialog Box, page K-53 User Guide for Cisco Security Manager CPE Table K-22 Shdsl Dialog Box Controller Auto Name Generator Dialog Box PVC Policy PVC ID PVCPVC OAM OAM-PVC PVC Dialog Box Defining ATM PVCs, Table K-25 PVC Dialog Box PVC. See PVC Dialog Box-QoS Tab, page K-63 PVC Dialog Box-Settings Tab, page K-59Inverse ARP. See PVC Dialog Box-Protocol Tab, page K-67 PVC Dialog Box-Settings Tab VCI VPIIlmi PVC Resources are freed for other dial-in users Dialog Box-Protocol Tab, page K-67 PVC Dialog Box-QoS TabPPP Quality of Service Policy Page, page K-199 Understanding Policing and Shaping Parameters, ABR Service Classes,CBR UBR UBR+VBR-NRT VBR-RT PVC Dialog Box-Protocol Tab Define Mapping Dialog Box PVC Dialog Box, page K-56 Defining ATM PVCs, PVC Advanced Settings Dialog Box Type for the PVC. See PVC Dialog Box-Settings Tab, page K-59 PVC Advanced Settings Dialog Box-OAM Tab Advanced Settings Dialog Box-OAM Tab, page K-70Advanced Settings Dialog Box-OAM-PVC Tab, page K-73 Go to the PVC Dialog Box, page K-56, then click Advanced PVC Dialog Box, page K-56 Table K-31 PVC Advanced Settings Dialog Box-OAM Tab PVC Advanced Settings Dialog Box-OAM-PVC Tab OAM-PVC tab Table K-32 PVC Advanced Settings Dialog Box-OAM-PVC Tab Table K-32 PVC Advanced Settings Dialog Box-OAM-PVC Tab PPP/MLP Policy Table K-33 PPP/MLP PPP Dialog Box Defining PPP Connections, Connection. See PPP Dialog Box-PPP Tab, page K-80 Tab, page K-84 PPP Dialog Box-PPP TabPPP Dialog Box-MLP Tab, page K-84 Table K-35 PPP Dialog Box-PPP Tab It for other PPP connections on this device Chap Authentication settings PPP Dialog Box-PPP Tab, page K-80 PPP Dialog Box-MLP TabMLP Advance None-Negotiation is conducted without using an endpoint AAA Policy AAA Page-Authentication Tab Defining AAA Services, Understanding Method Lists, Predefined AAA Authentication Server Groups,AAA Server Group Dialog Box, page F-12 AAA Page-Authorization Tab Information, see Filtering Tables, Command Authorization Dialog Box AAA Page-Accounting Tab Table K-41 AAA Page-Accounting Tab See description Table N-91 on page N-131 Command Accounting Dialog Box Server groups configured with TACACS+ Accounts and Credential s Policy Table K-43 Accounts and Credentials User Account Dialog Box 100 Understanding FlexConfig Objects, Defining Accounts and Credential Policies,User Accounts and Device Credentials on Cisco IOS Routers, MD5 Bridging on Cisco IOS Routers, Bridging Policy102 Bridge Group Dialog Box 103 Clock Policy 104 105 106 CPU Policy 107 108 109 Http Policy 110 Http and Https on Cisco IOS Routers, Http Page-Setup Tab111 Https Http Page-AAA Tab112 Http Page-Setup Tab, page K-111 113 114 115 Command Authorization Override Dialog Box Http Policy Page, page K-110AAA Policy Page, page K-87 116 Console Policy 117 VTY Line Dialog Box-Setup Tab, page K-132 Console Page-Setup Tab118 119 120 Console Page-Authentication Tab 121 Page-Authentication Tab, page K-88 122 Console Page-Authorization Tab 123 124 Console Page-Accounting Tab 125 126 Page-Accounting Tab, page K-93 127 128 VTY Policy 129 130 Line Access on Cisco IOS Routers, Dialog Box-Setup Tab, page K-132VTY Line Dialog Box 131 VTY Line Dialog Box-Setup Tab Defining VTY Line Setup Parameters,Console Page-Setup Tab, page K-118 132 133 Policy. See Http Page-Setup Tab, page K-111 134 135 VTY Line Dialog Box-Authentication Tab 136 VTY Line Dialog Box-Authorization Tab 137 Page-Authorization Tab, page K-90 138 VTY Line Dialog Box-Accounting Tab 139 140 141 142 Console Policy Page, page K-117 VTY Policy Page, page K-129 Command Authorization Dialog Box-Line Access143 Level. See Command Accounting Dialog Box, page K-96 144 Command Accounting Dialog Box-Line Access 145 146 Secure Shell Policy 147 Box-Setup Tab, page K-132 148 For more information, see Defining Snmp Agent Properties, Snmp Policy149 Snmp on Cisco IOS Routers, 150 Generate. See Snmp Traps Dialog Box, page K-155 Permission Dialog Box151 Trap Receiver Dialog Box, page K-153 Snmp Traps Dialog Box, page K-155Defining Snmp Agent Properties, 152 Permission Dialog Box, page K-151 Trap Receiver Dialog Box153 154 Snmp Traps Dialog Box 155 For more information, see Understanding IKE, 156 157 DNS Policy 158 DNS on Cisco IOS Routers, IP Host Dialog Box159 Hostnames and Domain Names on Cisco IOS Routers, Hostname Policy160 Memory Policy For more information, see Defining Router Memory Settings,161 162 Secure Device Provisioning on Cisco IOS Routers, Secure Device Provisioning Policy163 Administrative Introducers, Secure Device Provisioning Workflow,Understanding PKI Enrollment Objects, Click Select to display an Object Selectors, page F-593 165 166 Dhcp Policy For more information, see Defining Dhcp Policies,Dhcp on Cisco IOS Routers, 167 Definition, page 9-153and Supported IP Address Formats, To display an Object Selectors, page F-593168 169 Dhcp Database Dialog Box Defining Dhcp Policies,IP Pool Dialog Box, page K-171 170 IP Pool Dialog Box 171 Select to display an Object Selectors, page F-593 172 Ddhhmm 173 For more information, see Defining NTP Servers, NTP Policy174 NTP Server Dialog Box, page K-176 175 NTP Server Dialog Box 176 Policy Page, page K-174 177 K-174 178 For more information, see Defining 802.1x Policies, 802.1x Policy179 Defined here. See PPP Dialog Box, page K-78 Or click Add to display an Object Selectors, page F-593180 181 182 Network Admission Control Policy Network Admission Control Page-Setup Tab183 Defining NAC Setup Parameters, 184 More information, see Working with Access Rules, Configuration Dialog Box, page K-187185 Network Admission Control Page-Setup Tab, page K-183 Network Admission Control Page-Interfaces TabDefining NAC Interface Parameters, 186 NAC Interface Configuration Dialog Box 187 Page, page F-31 188 Defining NAC Identity Parameters, Network Admission Control Page-Identities Tab189 NAC Identity Profile Dialog Box 190 NAC Identity Action Dialog Box NAC Identity Action Dialog Box, page K-191Actions, see NAC Identity Action Dialog Box, page K-191 NAC Identity Profile Dialog Box, page K-190 Logging Setup Policy Intercept ACL. See NAC Interface Configuration Dialog BoxBox, page K-190 K-187 193 Information, see -5 on 194 195 196 For more information, see Defining Syslog Servers, Syslog Servers Policy197 XML Syslog Server Dialog Box198 Quality of Service Policy Defining Syslog Servers,Logging on Cisco IOS Routers, Understanding Network/Host Objects, Defining QoS Policies, Understanding Control Plane Policing,CIR 200 201 202 Quality of Service on Cisco IOS Routers, QoS Policy Dialog BoxK-205 203 204 QoS Class Dialog Box 205 206 Box-Matching Tab, page K-208 Box-Queuing and Congestion Avoidance Tab, page K-212Dialog Box-Policing Tab, page K-214 Tab, page K-217 QoS Class Dialog Box-Matching Tab 208 Dscp F-593. For more information, see Edit ACLs Dialog Box-QoSClasses, page K-210 209 Defining QoS Class Matching Parameters, Edit ACLs Dialog Box-QoS Classes210 QoS Class Dialog Box-Marking Tab 211 QoS Class Dialog Box-Queuing and Congestion Avoidance Tab 212 213 QoS Class Dialog Box-Policing Tab 214 215 216 QoS Class Dialog Box-Shaping Tab 217 218 BGP Routing Policy 219 BGP Page-Setup Tab Defining BGP Routes,Supported IP Address Formats, 220 Dialog Box, page K-222 221 Neighbors Dialog Box 222 BGP Page-Setup Tab, page K-220 BGP Page-Redistribution TabRedistributing Routes into BGP, 223 BGP Redistribution Mapping Dialog Box 224 225 Eigrp Routing Policy Eigrp Page-Setup Tab226 Eigrp Setup Dialog Box 227 Defining Eigrp Routes, 228 Eigrp Page-Setup Tab, page K-226 Eigrp Page-Interfaces TabEdit Interfaces Dialog Box-EIGRP Passive Interfaces 229 Defining Eigrp Interface Properties, 230 Eigrp Interface Dialog Box Systems, see Eigrp Setup Dialog Box, page K-227231 Eigrp Page-Redistribution Tab 232 233 Eigrp Redistribution Mapping Dialog Box Redistributing Routes into EIGRP,Page-Redistribution Tab, page K-223 234 235 Ospf Interface Policy 236 237 Defining Ospf Interface Settings, Ospf Interface Dialog BoxOspf Routing on Cisco IOS Routers, 238 239 240 241 Objects, 242 Ospf Process Policy Ospf Process Page-Setup Tab243 Defining Ospf Process Settings, 244 Ospf Setup Dialog Box 245 Edit Interfaces Dialog Box-OSPF Passive Interfaces Ospf Process Page-Setup Tab, page K-243246 Ospf Process Page-Area Tab Defining Ospf Area Settings,247 Ospf Area Dialog Box 248 Ospf Process Page-Redistribution Tab 249 250 Ospf Redistribution Mapping Dialog Box 251 252 253 Ospf Max Prefix Mapping Dialog Box Ospf Redistribution Mapping Dialog Box, page K-251K-243 254 RIP Routing Policy RIP Page-Setup Tab255 An Object Selectors, page F-593 Defining RIP Setup Parameters,256 Edit Interfaces Dialog Box-RIP Passive Interfaces RIP Page-Authentication Tab257 RIP Page-Setup Tab, page K-255 Defining RIP Interface Authentication Settings,258 RIP Authentication Dialog Box 259 RIP Page-Redistribution Tab Redistribution tab. See RIP Page-Setup Tab, page K-255260 Redistributing Routes into RIP, RIP Redistribution Mapping Dialog Box261 262 Static Routing on Cisco IOS Routers, Static Routing Policy263 Static Routing Dialog Box 264 Defining Static Routes, 265 266 267 268