Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
706
Views
0
Helpful
2
Replies

Authorizaton of ASA 5550 with AAA

riteshmalpani
Level 1
Level 1

‎01-06-2010 03:43 AM - edited ‎03-10-2019 04:52 PM

Hi,

Well I have a ASA which I tried adding in ACS with TACAS+ protocol. I was able to authenticate with my ACS user but was unable to run any command which says "Command Authorization Failed".

The ASA configuration is attached for reference.

I have one doubt also as whether it is possible to have authorizaton of ASA with RADIUS protocol.

Thanks in advance

Ritesh

Labels:
37492-asa config.txt.zip
0 Helpful
2 Replies 2

Jatin Katyal
Cisco Employee
Cisco Employee

‎01-06-2010 05:48 AM


Ritesh:


On the TACACS+ server, configure the commands that a user or group can use after they authenticate for CLI access. Every command that a user enters at the CLI is checked with the TACACS+ server. Looks like you haven't configured any shell command set on the ACS.


Here is a Doc that helps you configuring command set on ACS:


http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml


Also, radius doesn't support command authorization.


Let me know if you have any query/concern.



Regards,

JK


Plz rate helpful posts-

~Jatin
0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee

‎01-07-2010 06:53 AM

Also, if you just want to authenticate you user with RADIUS when doing telent and you don't want to authorize on a per command basis you can remove the "aaa authorization command CACS LOCAL" command.

I hope it helps.

PK

0 Helpful
Customers Also Viewed These Support Documents