1-24
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Management Access
Configuring AAA for System Administrators
Configuring Command Authorization
If you want to control access to commands, the ASA lets you configure command authorization, where
you can determine which commands that are available to a user. By default when you log in, you can
access user EXEC mode, which offers only minimal commands. When you enter the enable command
(or the login command when you use the local database), you can access privileged EXEC mode and
advanced commands, including configuration commands.
You can use one of two command authorization methods:
• Local privilege levels
• TACACS+ server privilege levels
For more information about command authorization, see the “Information About Command
Authorization” section on page 1-16.
This section includes the following topics:
• Configuring Local Command Authorization, page 1-24
• Viewing Local Command Privilege Levels, page 1-28
• Configuring Commands on the TACACS+ Server, page 1-29
• Configuring TACACS+ Command Authorization, page 1-30
Configuring Local Command Authorization
Local command authorization lets you assign commands to one of 16 privilege levels (0 to 15). By
default, each command is assigned either to privilege level 0 or 15. You can define each user to be at a
specific privilege level, and each user can enter any command at the assigned privilege level or below.
To Next Page
Loading...
Need help?
General
