Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

Trouble with AAA authorization

Hi there. I'm trying to setup AAA on an ASA 5510. I've got an ISA server setup and AAA authentication is working properly. Is there any way to have the ASA recognize a username and assign an appropriate Privilege level? As far as I can tell it gives you level 15 once you authentication properly.

If ISA can't do this, what's the recommended path to accomplish this, keeping in mind that I can't afford the Cisco ACS software.

Thanks in advance!

2 REPLIES
Bronze

Re: Trouble with AAA authorization

Ah I guess you're using a named authorization method rather than the default one which is why it need applying to the VTY lines. The default method would apply to all lines where not already configured.

Try this:

ROUTER#config t

Enter configuration commands, one per line. End with CNTL/Z.

ROUTER(config)#line vty 0 4

ROUTER(config-line)#privilege level 15

ROUTER(config-line)#end

ROUTER#

http://cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml#intro

Bronze

Re: Trouble with AAA authorization

Thanks for the response. It looks like your code example is for a router... I'm looking for some assistance with a PIX/ASA. I tried adding the command "aaa authorization include telnet inside x.x.x.x x.x.x.x" and it returned "Authorization is not supported in RADIUS."

Does anyone have an easy to use/easy to implement Tacacs server that is not thousands of dollars?

124
Views
0
Helpful
2
Replies