12-18-2007 01:40 AM - edited 03-10-2019 03:34 PM
Hi, I am using RADIUS for AAA authentication. Authentication is configured for device access. I want to know if I will be able to put an exception, i.e. I want one user to be authenticated locally (local username and password) on a firewall (ASA 5500), while others are authenticated by AAA. If it is possible, how do I do it?
12-18-2007 07:29 AM
AFAIK no. Why would you want to do that anyway? That's a security hole.
12-18-2007 09:44 AM
Ok. I have Cisco Security Manager, Cisco MARS, LMS and VMS in my network. Now, the requirement is something like this:
Everyone (including CSM) accessing devices like firewalls, routers, switches, IPS Sensors should be authenticated by the ACS.
But when I went through the CSM documentation I understood that the best way for CSM to log on to the firewall is by a local user.
Hence I am looking for a mechanism for the CSM only to bypass the AAA authentication while the network administrators are authenticated by the AAA.
Regards,
Rishikesh Khedkar
12-18-2007 10:25 AM
What we did was create a local user account in ACS. That way the user account is still AAA'd and you can set the password to no expiry, limit the access, etc.
HTH
12-19-2007 01:26 AM
Thanks,
Regards,
Rishikesh Khedkar