Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

60-7

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 60 Router Device Administration

AAA Policy Page

Navigation Path

Go to the AAA Policy Page, page 60-6, then click the Authentication tab.

Related Topics

• Defining AAA Services, page 60-4

• Understanding Method Lists, page 60-3

• AAA Server Group Dialog Box, page 6-46

• Predefined AAA Authentication Server Groups, page 6-28

Field Reference

AAA Page—Authorization Tab

Use the Authorization tab of the AAA page to define the type of authorization services to enable on the

device and the methods to use for each type. Security Manager supports the following types of

authorization:

• Network—Authorizes various types of network connections, such as PPP.

• EXEC—Authorizes the launching of EXEC sessions.

Table 60-2 AAA Page—Authentication Tab

Element Description

Enable Device Login

Authentication

When selected, enables the authentication of all users when they log in

to the device, using the methods defined in the method list.

When deselected, authentication is not performed.

Prioritized Method List Defines a sequential list of methods to be queried when authenticating

a user. Enter the names of one or more AAA server group objects (up

to four), or click Select to select them. Use the up and down arrows in

the object selector to define the order in which the selected server

groups should be used. If the object that you want is not listed, click the

Create button to create it.

The device tries initially to authenticate users using the first method in

the list. If that method fails to respond, the device tries the next method,

and so on, until a response is received.

Supported methods include Line, Local, Kerberos, LDAP, RADIUS,

TACACS+, and None.

Note If you select None as a method, it must appear as the last

method in the list.

Maximum Number of

Attempts

The maximum number of unsuccessful authentication attempts before

a user is locked out. This feature is disabled by default. Valid values

range from 1 to 65535.

Note From the standpoint of the user, there is no distinction between

a normal authentication failure and an authentication failure

due to being locked out. The system administrator has to

explicitly clear the status of a locked-out user using clear

commands.

previous next