Filter
Top Products
60-5
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 60 Router Device Administration
AAA on Cisco IOS Routers
Note If you select None as a method, it must appear as the last method in the list.
Step 3 (Optional) In the Maximum Number of Attempts field, define the maximum number of unsuccessful
authentication attempts to allow before a user is locked out.
Step 4 (Optional) Define which authorization methods to use on users who have been successfully
authenticated:
a. Click the Authorization tab on the AAA page. See Table 60-3 on page 60-8 for a description of the
fields on this tab.
b. Define method lists for one or more of the following types of authorization:
• Network
• EXEC
• Command—Click the Add button to display the Command Authorization dialog box (see
Command Authorization Dialog Box, page 60-9). From here, you can select a privilege level
and the method list to apply to it.
For more information about these authorization types, see Supported Authorization Types,
page 60-2.
Note RADIUS uses the same server for authentication and authorization. Therefore, if you use
define a RADIUS method list for authentication, you must define the same method list for
authorization.
Step 5 (Optional) Define which accounting methods to use on the activities performed by users:
a. Click the Accounting tab on the AAA page. See Table 60-5 on page 60-11 for a description of the
fields on this tab.
b. Define method lists for one or more of the following types of accounting:
• Connection
• EXEC
• Command—Click the Add button to display the Command Accounting dialog box (see
Command Accounting Dialog Box, page 60-12). From here, you can select a privilege level and
the method list to apply to it.
For more information about these accounting types, see Supported Accounting Types, page 60-3.
c. For each accounting type defined above, select a value from the Accounting Process Notices list.
This defines when to create an accounting record, at the beginning and end of the user process or
only at the end.
d. For each accounting type defined above, select the Enable broadcast to multiple servers check box
if you want accounting information sent simultaneously to the first server in each AAA server group
defined in the method list.