Cisco Support Community

Authorization RADIUS - read-only user on FWSM

Hi support community,

I am experiencing an issue while trying to create some read-only users on my FWSM.

I've set up the authentication on my RADIUS server, which works fine, and put in the aaa authorization command LOCAL command.

I've also set the privileges associated with the commands:

privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege


All of this works great when I authenticate locally on the FWSM.

However, this is not working when authenticating via the RADIUS server:

aaa authentication enable console MY_RADIUS LOCAL
aaa authentication http console MY_RADIUS LOCAL
aaa authentication ssh console MY_RADIUS LOCAL

And I set up the authorization locally, because I don't run any TACACS server:

aaa authorization command LOCAL 

I managed to make this work on ASA by sending RADIUS attributes (cf. a document that I can't find anymore...).

So what exactly are the differences between ASA and FWSM?

On my ASA there was a command I could not run on the FWSM:

aaa authorization exec authentication-server

(I am running version 4.1 on FWSM and 8.4 on ASA).

Thank you for your help.