Exception for AAA

Dec 18th, 2007

Hi, I am using RADIUS for AAA authentication. Authentication is configured for device access. I want to know if I will be able to put in an exception, i.e. I want one user to be authenticated locally (local username and password) on a firewall (ASA 5500), while others are authenticated by AAA. If it is possible, how do I do it?

Collin Clark Tue, 12/18/2007 - 07:29

AFAIK no. Why would you want to do that anyway? That's a security hole.

rishikesh_khedkar Tue, 12/18/2007 - 09:44

Ok. I have Cisco Security Manager, Cisco MARS, LMS and VMS in my network. Now, the requirement is something like this:

Everyone (including CSM) accessing devices like firewalls, routers, switches, IPS Sensors should be authenticated by the ACS.

But when I went through the CSM documentation I understood that the best way for CSM to log on to the firewall is by a local user.

Hence I am looking for a mechanism for the CSM only to bypass the AAA authentication while the network administrators are authenticated by the AAA.


Rishikesh Khedkar

Collin Clark Tue, 12/18/2007 - 10:25

What we did was create a local user account in ACS. That way the user account is still AAA'd and you can set the password to no expiry, limit the access, etc.


