Cisco ASA Series CLI Configuration Guide
 
Chapter 1: Configuring AAA Servers and the Local Database
Configuring AAA
Step 2

Command:
aaa authorization exec authentication-server

Example:
hostname(config)# aaa authorization exec authentication-server

Purpose:
(Optional) Enforces user-specific access levels for users who authenticate for management access (see the aaa authentication console LOCAL command). This command enables management authorization for local, RADIUS, LDAP (mapped), and TACACS+ users.

Use the aaa authorization exec LOCAL command to enable attributes to be taken from the local database. See the “Limiting User CLI and ASDM Access with Management Authorization” section on page 1-22 for information about configuring a user on a AAA server to accommodate management authorization.

See the following prerequisites for each user type:
• Configure local database users at a privilege level from 0 to 15 using the username command. Configure the level of access using the service-type command.
• Configure RADIUS users with Cisco VSA CVPN3000-Privilege-Level with a value between 0 and 15.
• Configure LDAP users with a privilege level between 0 and 15, and then map the LDAP attribute to Cisco VSA CVPN3000-Privilege-Level using the ldap map-attributes command.
• See the privilege command for information about setting command privilege levels.
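
The following is an added example, not part of the Cisco guide: a Python check over a saved running-config that flags management authentication configured without aaa authorization exec, and local users that lack an explicit privilege level or service-type. The sample configuration, its user names and the RAD_GRP server group are constructed, and the function name audit_mgmt_authorization is hypothetical.

```python
import re

# Constructed sample of ASA running-config lines; the user names and the
# RAD_GRP server-group name are made up for this example.
SAMPLE_CONFIG = """\
username admin password REDACTED encrypted privilege 15
username admin attributes
 service-type admin
username helpdesk password REDACTED encrypted
aaa authentication ssh console RAD_GRP LOCAL
aaa authentication http console LOCAL
"""

def audit_mgmt_authorization(config):
    """Return (findings, users) for the management-authorization prerequisites."""
    methods, exec_source, users, current = [], None, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # left any "username ... attributes" sub-mode
        if m := re.fullmatch(r"username (\S+) attributes", line):
            current = m.group(1)
            users.setdefault(current, {"privilege": None, "service_type": None})
        elif m := re.match(r"username (\S+) ", line):
            level = re.search(r" privilege (\d+)\b", line)
            entry = users.setdefault(m.group(1), {"privilege": None, "service_type": None})
            entry["privilege"] = int(level.group(1)) if level else None
        elif current and (m := re.fullmatch(r"service-type (\S+)", line)):
            users[current]["service_type"] = m.group(1)
        elif m := re.match(r"aaa authentication (\S+) console ", line):
            methods.append(m.group(1))
        elif m := re.match(r"aaa authorization exec (authentication-server|LOCAL)\b", line):
            exec_source = m.group(1)
    findings = []
    if methods and exec_source is None:
        findings.append("management authentication (%s) without 'aaa authorization exec': "
                        "user-specific access levels are not enforced" % ", ".join(methods))
    for name, u in sorted(users.items()):
        if u["privilege"] is None:
            findings.append(f"user {name}: no explicit privilege level (expected 0-15)")
        elif not 0 <= u["privilege"] <= 15:
            findings.append(f"user {name}: privilege {u['privilege']} outside 0-15")
        if u["service_type"] is None:
            findings.append(f"user {name}: no explicit service-type")
    return findings, users

if __name__ == "__main__":
    for finding in audit_mgmt_authorization(SAMPLE_CONFIG)[0]:
        print(finding)
```
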