Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Authorizaton of ASA 5550 with AAA

Hi,

Well I have a ASA which I tried adding in ACS with TACAS+ protocol. I was able to authenticate with my ACS user but was unable to run any command which says "Command Authorization Failed".

The ASA configuration is attached for reference.

I have one doubt also as whether it is possible to have authorizaton of ASA with RADIUS protocol.

Thanks in advance

Ritesh

2 REPLIES
Cisco Employee

Re: Authorizaton of ASA 5550 with AAA


Ritesh:


On the TACACS+ server, configure the commands that a user or group can use after they authenticate for CLI access. Every command that a user enters at the CLI is checked with the TACACS+ server. Looks like you haven't configured any shell command set on the ACS.


Here is a Doc that helps you configuring command set on ACS:


http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml


Also, radius doesn't support command authorization.


Let me know if you have any query/concern.



Regards,

JK


Plz rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
Cisco Employee

Re: Authorizaton of ASA 5550 with AAA

Also, if you just want to authenticate you user with RADIUS when doing telent and you don't want to authorize on a per command basis you can remove the "aaa authorization command CACS LOCAL" command.

I hope it helps.

PK

497
Views
0
Helpful
2
Replies
CreatePlease to create content