Cisco Support Community
Community Member

Exception for AAA

Hi, I am using RADIUS for AAA authentication. Authentication is configured for device access. I want to know if I will be able to put an exception, i.e. I want one user to be authenticated locally (local username and password) on a firewall (ASA 5500), while others to be authenticated by AAA. If it is possible, how do I do it?

4 REPLIES

Re: Exception for AAA

AFAIK no. Why would you want to do that anyway? That's a security hole.

Community Member

Re: Exception for AAA

Ok. I have Cisco Security Manager, Cisco MARS, LMS and VMS in my network. Now, the requirement is something like this:

Everyone (including CSM) accessing devices like firewalls, routers, switches, IPS Sensors should be authenticated by the ACS.

But when I went through the CSM documentation I understood that the best way for CSM to log on to the firewall is by a local user.

Hence I am looking for a mechanism for the CSM only to bypass the AAA authentication while the network administrators are authenticated by the AAA.

Regards,

Rishikesh Khedkar

Re: Exception for AAA

What we did was create a local user account in ACS. That way the user account is still AAA'd and you can set the password to no expiry, limit the access, etc.

HTH

Community Member

Re: Exception for AAA

Thanks,

Regards,

Rishikesh Khedkar
