Cisco Preparative Procedures & Operational User Guide
© 2016 Cisco Systems, Inc. All rights reserved.
You can enter any standard ASCII characters except for space, § (section sign), ? (question mark), or
= (equal sign).
To set the password, press Enter after typing the set password command and enter the key value at
the prompt.
9) (Optional) Specify the order in which the Firepower eXtensible Operating System uses this provider
to authenticate users:
Firepower-chassis /security/ldap/server # set order order-num
10) (Optional) Specify the port used to communicate with the LDAP server. The standard port number is
389.
Firepower-chassis /security/ldap/server # set port port-num
11) Enable or disable the use of encryption when communicating with the LDAP server:
Firepower-chassis /security/ldap/server # set ssl {yes | no}
The options are as follows:
• yes —Encryption is required. If encryption cannot be negotiated, the connection fails.
• no —Encryption is disabled. Authentication information is sent as clear text.
LDAP uses STARTTLS. This allows encrypted communication using port 389.
NOTE: In the evaluated configuration, LDAP must be tunneled over IPsec.
12) Specify the length of time in seconds the system should spend trying to contact the LDAP database
before it times out:
Firepower-chassis /security/ldap/server # set timeout timeout-num
Enter an integer from 1 to 60 seconds, or enter 0 (zero) to use the global timeout value specified for
LDA providers. The default is 30 seconds.
13) Specify the vendor that is providing the LDAP provider or server details:
Firepower-chassis /security/ldap/server # set vendor {ms-ad | openldap}
The options are as follows:
• ms-ad—LDAP provider is Microsoft Active Directory
• openldap—LDAP provider is not Microsoft Active Directory
14) Commit the transaction to the system configuration:
Firepower-chassis /security/ldap/server # commit-buffer
4.4.4 Configure RADIUS via CLI
1) Enter security mode:
Firepower-chassis# scope security
2) Enter security RADIUS mode:
Firepower-chassis /security # scope radius
3) Create a RADIUS server instance and enter security RADIUS server mode:
To Next Page
Loading...
Need help?
General
