6509-FWSM-AAA

william
Level 1

Hi all,

I need some advice on how to configure RBAC when it comes to the management of a 6509 with FWSM. We have two ops teams providing outsourced services and we need to keep the network admins from accessing the FWSM using ACS. I just can't seem to get any info on this, but it is for compliance reasons that we need to keep the roles of network admin and security admin completely separated.

Any thoughts on this will be greatly appreciated.

Will.

2 Replies

sachinga.hcl
Level 4

Hi William,

Role-based access control on the FWSM module can be implemented by integration with Cisco ACS for granular, role-based access control to devices and management functions.

In Cisco FWSM you can implement role-based access control by implementing ACS along with your FWSM. There is no separate role-based facility available as on other Cisco devices like Cisco WAAS or Cisco ACE modules / ACE appliances.

Here is the link where you can find a full example in this regard:

ACS Shell Command Authorization Sets on IOS and ASA/PIX/FWSM Configuration Example

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

You can use the ASA example for setting commands for TACACS+ to make ACS enable using the following link, as I can't post diagrams here:

http://www.ciscoasa.com/configuring-aaa-authentication-on-cisco-asa-firewall/

Kindly rate if you find it any useful for you, and further, if you need any sample config other than this example then tell me. I would like to write it for you. Keep in touch.

sachin garg

Thanks Sachin.

I will look at the documentation and get back to you if need be.

Cheers.