114 | Cisco Systems OL-16066-01 guide

Appendix K Router Platform User Interface Reference

HTTP Policy Page

Table K-50 HTTP Page—AAA Tab (Continued)

Prioritized Method List Applies only when the Enable Device Login Authentication check box is selected.

Defines a sequential list of methods to be queried when authenticating a user. Enter the names of one or more AAA server group objects (up to four), or click Select to display an Object Selectors, page F-593. Use the up and down arrows in the object selector to define the order in which the selected server groups should be used.

The device tries initially to authenticate users using the first method in the list. If that method fails to respond, the device tries the next method, and so on, until a response is received.

If the AAA server group you want is not listed, click the Create button in the selector to display the AAA Server Group Dialog Box, page F-12. From here you can define a AAA server group object.

Note If you select None as a method, it must appear as the last method in the list.

EXEC Authorization settings

Enable CLI/EXEC

Operations

Authorization

Applies only when AAA is selected as the authentication method.

When selected, EXEC authorization is based on the methods defined in the Prioritized Method List field. This type of authorization determines whether the user is permitted to open an EXEC (CLI) session.

When deselected, the default EXEC authorization list defined in the router’s AAA policy is used. See AAA Page—Authorization Tab, page K-90.

Note If you leave this option deselected, make sure that EXEC authorization is enabled in the router’s AAA policy. Otherwise, you will be unable to connect to the device via HTTP or HTTPS (SSL). This applies to Security Manager as well as other applications, such as SDM and the device’s web interface.

	User Guide for Cisco Security Manager 3.2
K-114	OL-16066-01

Image 114

Cisco Systems OL-16066-01 appendix 114

Contents

Router Platform User Interface Reference CPU Policy Page, page K-107 Dhcp Policy Page, page K-167 NTP Policy Page, page K-174 For more information, see NAT on Cisco IOS Routers, NAT Page-Interface Specification TabNAT Policy Chapter K, Router Platform User Interface Reference Edit Interfaces Dialog Box-NAT Inside Interfaces Related Topics Edit Interfaces Dialog Box-NAT Outside Interfaces Field Reference NAT Page-Static Rules Tab NAT Static Rule Dialog Box Information, see Filtering Tables, Disabling the Alias Option for Attached Subnets, Basic Interface Settings on Cisco IOS Routers,Defining Static NAT Rules, Disabling the Payload Option for Overlapping Networks, Table K-5 NAT Static Rule Dialog Box Table K-5 NAT Static Rule Dialog Box Appendix K Router Platform User Interface Reference NAT Page-Interface Specification Tab, page K-3 NAT Page-Dynamic Rules TabFor more information, see Defining Dynamic NAT Rules, NAT Dynamic Rule Dialog Box Object Selectors, page F-593 F-593 NAT Page-Timeouts Tab Specifying NAT Timeouts, Router Interfaces Table Columns and Column Heading Features, Create Router Interface Dialog Box Enabled Type Name Parent Discontiguous Network Masks, BRI, PRI Isdn Table K-10 Create Router Interface Dialog Box MTU Vlan ID Interface Auto Name Generator Dialog Box Dlci Advanced Interface Settings Available Interface Types, CDP Advanced Interface Settings Dialog Box You can create an interface role object Eguide09186a00804247fc.html Selectors, page F-593For more information, see Understanding Helper Addresses, Cisco Discovery Protocol settings Table K-13 Advanced Interface Settings Dialog Box Fragreassmps6441TSDProductsConfigurationGuideChapter.html VFR00800a3ded.shtml ACL AIM-IPS Interface Settings IPS Monitoring Information Dialog Box Dialer Policy Configuring Dial Backup, Dialer Profile Dialog Box SPID1SPID2 Table K-17 Dialer Profile Dialog Box Dialer Physical Interface Dialog Box Isdn BRI Adsl Policy Adsl on Cisco IOS Routers, Adsl Settings Dialog Box Defining Adsl Settings, PVC Policy Page, page K-54 Supported by each card type may cause deployment to fail Table K-20 Adsl Settings Dialog Box Shdsl Policy Shdsl on Cisco IOS Routers, Edit the selected DSL controller definition Shdsl Controller Dialog Box Defining Shdsl Controllers,Dialog Box, page K-53 User Guide for Cisco Security Manager CPE Table K-22 Shdsl Dialog Box Controller Auto Name Generator Dialog Box PVC Policy PVC OAM PVC IDPVC OAM-PVC PVC Dialog Box Defining ATM PVCs, Table K-25 PVC Dialog Box PVC Dialog Box-Settings Tab, page K-59 PVC. See PVC Dialog Box-QoS Tab, page K-63Inverse ARP. See PVC Dialog Box-Protocol Tab, page K-67 PVC Dialog Box-Settings Tab VPI VCIIlmi PVC Resources are freed for other dial-in users PVC Dialog Box-QoS Tab Dialog Box-Protocol Tab, page K-67PPP Quality of Service Policy Page, page K-199 Understanding Policing and Shaping Parameters, Service Classes, ABRCBR VBR-NRT UBRUBR+ VBR-RT PVC Dialog Box-Protocol Tab Define Mapping Dialog Box PVC Dialog Box, page K-56 Defining ATM PVCs, PVC Advanced Settings Dialog Box Type for the PVC. See PVC Dialog Box-Settings Tab, page K-59 Advanced Settings Dialog Box-OAM-PVC Tab, page K-73 PVC Advanced Settings Dialog Box-OAM TabAdvanced Settings Dialog Box-OAM Tab, page K-70 Go to the PVC Dialog Box, page K-56, then click Advanced PVC Dialog Box, page K-56 Table K-31 PVC Advanced Settings Dialog Box-OAM Tab PVC Advanced Settings Dialog Box-OAM-PVC Tab OAM-PVC tab Table K-32 PVC Advanced Settings Dialog Box-OAM-PVC Tab Table K-32 PVC Advanced Settings Dialog Box-OAM-PVC Tab PPP/MLP Policy Table K-33 PPP/MLP PPP Dialog Box Defining PPP Connections, Connection. See PPP Dialog Box-PPP Tab, page K-80 PPP Dialog Box-PPP Tab Tab, page K-84PPP Dialog Box-MLP Tab, page K-84 Table K-35 PPP Dialog Box-PPP Tab It for other PPP connections on this device Chap Authentication settings PPP Dialog Box-MLP Tab PPP Dialog Box-PPP Tab, page K-80MLP Advance None-Negotiation is conducted without using an endpoint AAA Policy AAA Page-Authentication Tab Defining AAA Services, Predefined AAA Authentication Server Groups, Understanding Method Lists,AAA Server Group Dialog Box, page F-12 AAA Page-Authorization Tab Information, see Filtering Tables, Command Authorization Dialog Box AAA Page-Accounting Tab Table K-41 AAA Page-Accounting Tab See description Table N-91 on page N-131 Command Accounting Dialog Box Server groups configured with TACACS+ Accounts and Credential s Policy Table K-43 Accounts and Credentials User Account Dialog Box 100 User Accounts and Device Credentials on Cisco IOS Routers, Understanding FlexConfig Objects,Defining Accounts and Credential Policies, MD5 Bridging Policy Bridging on Cisco IOS Routers,102 Bridge Group Dialog Box 103 Clock Policy 104 105 106 CPU Policy 107 108 109 Http Policy 110 Http Page-Setup Tab Http and Https on Cisco IOS Routers,111 Http Page-AAA Tab Https112 Http Page-Setup Tab, page K-111 113 114 115 AAA Policy Page, page K-87 Command Authorization Override Dialog BoxHttp Policy Page, page K-110 116 Console Policy 117 Console Page-Setup Tab VTY Line Dialog Box-Setup Tab, page K-132118 119 120 Console Page-Authentication Tab 121 Page-Authentication Tab, page K-88 122 Console Page-Authorization Tab 123 124 Console Page-Accounting Tab 125 126 Page-Accounting Tab, page K-93 127 128 VTY Policy 129 130 VTY Line Dialog Box Line Access on Cisco IOS Routers,Dialog Box-Setup Tab, page K-132 131 Console Page-Setup Tab, page K-118 VTY Line Dialog Box-Setup TabDefining VTY Line Setup Parameters, 132 133 Policy. See Http Page-Setup Tab, page K-111 134 135 VTY Line Dialog Box-Authentication Tab 136 VTY Line Dialog Box-Authorization Tab 137 Page-Authorization Tab, page K-90 138 VTY Line Dialog Box-Accounting Tab 139 140 141 142 Command Authorization Dialog Box-Line Access Console Policy Page, page K-117 VTY Policy Page, page K-129143 Level. See Command Accounting Dialog Box, page K-96 144 Command Accounting Dialog Box-Line Access 145 146 Secure Shell Policy 147 Box-Setup Tab, page K-132 148 Snmp Policy For more information, see Defining Snmp Agent Properties,149 Snmp on Cisco IOS Routers, 150 Permission Dialog Box Generate. See Snmp Traps Dialog Box, page K-155151 Defining Snmp Agent Properties, Trap Receiver Dialog Box, page K-153Snmp Traps Dialog Box, page K-155 152 Trap Receiver Dialog Box Permission Dialog Box, page K-151153 154 Snmp Traps Dialog Box 155 For more information, see Understanding IKE, 156 157 DNS Policy 158 IP Host Dialog Box DNS on Cisco IOS Routers,159 Hostname Policy Hostnames and Domain Names on Cisco IOS Routers,160 For more information, see Defining Router Memory Settings, Memory Policy161 162 Secure Device Provisioning Policy Secure Device Provisioning on Cisco IOS Routers,163 Understanding PKI Enrollment Objects, Administrative Introducers,Secure Device Provisioning Workflow, Click Select to display an Object Selectors, page F-593 165 166 Dhcp on Cisco IOS Routers, Dhcp PolicyFor more information, see Defining Dhcp Policies, 167 To display an Object Selectors, page F-593 Definition, page 9-153and Supported IP Address Formats,168 169 IP Pool Dialog Box, page K-171 Dhcp Database Dialog BoxDefining Dhcp Policies, 170 IP Pool Dialog Box 171 Select to display an Object Selectors, page F-593 172 Ddhhmm 173 NTP Policy For more information, see Defining NTP Servers,174 NTP Server Dialog Box, page K-176 175 NTP Server Dialog Box 176 Policy Page, page K-174 177 K-174 178 802.1x Policy For more information, see Defining 802.1x Policies,179 Or click Add to display an Object Selectors, page F-593 Defined here. See PPP Dialog Box, page K-78180 181 182 Network Admission Control Page-Setup Tab Network Admission Control Policy183 Defining NAC Setup Parameters, 184 Configuration Dialog Box, page K-187 More information, see Working with Access Rules,185 Defining NAC Interface Parameters, Network Admission Control Page-Setup Tab, page K-183Network Admission Control Page-Interfaces Tab 186 NAC Interface Configuration Dialog Box 187 Page, page F-31 188 Network Admission Control Page-Identities Tab Defining NAC Identity Parameters,189 NAC Identity Profile Dialog Box 190 Actions, see NAC Identity Action Dialog Box, page K-191 NAC Identity Action Dialog BoxNAC Identity Action Dialog Box, page K-191 NAC Identity Profile Dialog Box, page K-190 Box, page K-190 Logging Setup PolicyIntercept ACL. See NAC Interface Configuration Dialog Box K-187 193 Information, see -5 on 194 195 196 Syslog Servers Policy For more information, see Defining Syslog Servers,197 Syslog Server Dialog Box XML198 Logging on Cisco IOS Routers, Quality of Service PolicyDefining Syslog Servers, Understanding Network/Host Objects, CIR Defining QoS Policies,Understanding Control Plane Policing, 200 201 202 K-205 Quality of Service on Cisco IOS Routers,QoS Policy Dialog Box 203 204 QoS Class Dialog Box 205 206 Dialog Box-Policing Tab, page K-214 Box-Matching Tab, page K-208Box-Queuing and Congestion Avoidance Tab, page K-212 Tab, page K-217 QoS Class Dialog Box-Matching Tab 208 Classes, page K-210 DscpF-593. For more information, see Edit ACLs Dialog Box-QoS 209 Edit ACLs Dialog Box-QoS Classes Defining QoS Class Matching Parameters,210 QoS Class Dialog Box-Marking Tab 211 QoS Class Dialog Box-Queuing and Congestion Avoidance Tab 212 213 QoS Class Dialog Box-Policing Tab 214 215 216 QoS Class Dialog Box-Shaping Tab 217 218 BGP Routing Policy 219 Supported IP Address Formats, BGP Page-Setup TabDefining BGP Routes, 220 Dialog Box, page K-222 221 Neighbors Dialog Box 222 Redistributing Routes into BGP, BGP Page-Setup Tab, page K-220BGP Page-Redistribution Tab 223 BGP Redistribution Mapping Dialog Box 224 225 Eigrp Page-Setup Tab Eigrp Routing Policy226 Eigrp Setup Dialog Box 227 Defining Eigrp Routes, 228 Edit Interfaces Dialog Box-EIGRP Passive Interfaces Eigrp Page-Setup Tab, page K-226Eigrp Page-Interfaces Tab 229 Defining Eigrp Interface Properties, 230 Systems, see Eigrp Setup Dialog Box, page K-227 Eigrp Interface Dialog Box231 Eigrp Page-Redistribution Tab 232 233 Page-Redistribution Tab, page K-223 Eigrp Redistribution Mapping Dialog BoxRedistributing Routes into EIGRP, 234 235 Ospf Interface Policy 236 237 Ospf Routing on Cisco IOS Routers, Defining Ospf Interface Settings,Ospf Interface Dialog Box 238 239 240 241 Objects, 242 Ospf Process Page-Setup Tab Ospf Process Policy243 Defining Ospf Process Settings, 244 Ospf Setup Dialog Box 245 Ospf Process Page-Setup Tab, page K-243 Edit Interfaces Dialog Box-OSPF Passive Interfaces246 Defining Ospf Area Settings, Ospf Process Page-Area Tab247 Ospf Area Dialog Box 248 Ospf Process Page-Redistribution Tab 249 250 Ospf Redistribution Mapping Dialog Box 251 252 253 K-243 Ospf Max Prefix Mapping Dialog BoxOspf Redistribution Mapping Dialog Box, page K-251 254 RIP Page-Setup Tab RIP Routing Policy255 Defining RIP Setup Parameters, An Object Selectors, page F-593256 RIP Page-Authentication Tab Edit Interfaces Dialog Box-RIP Passive Interfaces257 Defining RIP Interface Authentication Settings, RIP Page-Setup Tab, page K-255258 RIP Authentication Dialog Box 259 Redistribution tab. See RIP Page-Setup Tab, page K-255 RIP Page-Redistribution Tab260 RIP Redistribution Mapping Dialog Box Redistributing Routes into RIP,261 262 Static Routing Policy Static Routing on Cisco IOS Routers,263 Static Routing Dialog Box 264 Defining Static Routes, 265 266 267 268