Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

47-3

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 47 Configuring Device Administration Policies on Firewall Devices

About AAA on Security Devices

HTTP Form protocol supports single sign-on authentication for WebVPN users only.

For firewall sessions, RADIUS authorization is supported with user-specific ACLs only, which are

received or specified in a RADIUS authentication response.

Local command authorization is supported by privilege level only.

Local Database

The security appliance maintains a Local database that you can populate with user accounts, which

contain, at a minimum, a user name. Typically, you assign a password and a privilege level to each user

name, although passwords are optional. You can manage Local user accounts on the Platform > Device

Admin > User Accounts page (see Configuring User Accounts, page 50-6).

If you enable command authorization using the Local database, the security appliance refers to the

assigned user privilege level to determine what commands are available. By default, all commands are

assigned either privilege level 0 or level 15.

Note If you add users to the Local database with access to the CLI and whom you do not want to enter

privileged mode, you should enable command authorization. Without command authorization, users can

access privileged mode (and all commands) at the CLI using their own password if their privilege level

is 2 or greater (2 is the default). Alternatively, you can use RADIUS or TACACS+ authentication for

console access so the user will not be able to use the login command, or you can set all local users to

level 1 so you can control who can use the system enable password to access privileged mode.

You cannot use the local database for network access authorization.

The user accounts in the Local database can provide fallback support for console and enable-password

authentication, for command authorization, and for VPN authentication and authorization. This behavior

is designed to help you prevent accidental lock-out from the security appliance.

VPN

users

Yes Yes No No No No Yes No

Firewall

sessions

No Yes

YesNoNoNoNoNo

Administ

rators

Yes

NoYesNoNoNoNoNo

Accounting of...

VPN

connectio

No Yes Yes No No No No No

Firewall

sessions

No Yes Yes No No No No No

Administ

rators

No Yes Yes No No No No No

Table 47-1 Summary of AAA Support (Continued)

AAA

Service

Database Type

Local RADIUS TACACS+ SDI NT Kerberos LDAP

HTTP

Form

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems CL-28826-01 Security Camera User Manual