Filter
Top Products
60-30
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 60 Router Device Administration
HTTP and HTTPS on Cisco IOS Routers
Step 4 (Optional) In the Allow Connection From field, enter the name of the standard, numbered ACL object
that specifies which addresses can use HTTP and HTTPS on this device, or click Select to select the ACL
object from a list or to create a new one. Use this option to restrict access to these protocols. For more
information about creating standard ACL objects, see Creating Standard Access Control List Objects,
page 6-51
Note Make sure that the ACL you select permits the Security Manager server; otherwise,
communication with the device is lost.
Step 5 (Optional) On the AAA tab, modify the default type of authentication to perform on users who attempt
to access the device using HTTP or HTTPS. Options include AAA, Enable Password (default), Local
Database, and TACACS.
If you select AAA, continue with Step 6; otherwise, continue with Step 8.
Note The TACACS option applies only to devices using an IOS software version prior to 12.3(8).
See Table 60-14 on page 60-33 for a description of the fields on the AAA tab.
Step 6 Select the authentication method to perform on users:
• If you want to use the default AAA login authentication methods defined in the device’s AAA policy
(see Defining AAA Services, page 60-4), do not select the Enable Device Login Authentication
check box. Continue with Step 7.
• If you want to define a method list especially for this policy, do the following:
a. Select the Enable Device Login Authentication check box.
b. Under Prioritized Method List, enter the names of the AAA server groups to use for authentication,
or click Select to select the AAA server groups from a list or to create new ones. Use the up and
down arrows in the selector to define the order in which you want to apply these authentication
methods.
Note Make sure that Security Manager users are defined on the AAA servers; otherwise
communication with the device is lost.
Step 7 Select the authorization method to perform on users who use HTTP or HTTPS to begin an EXEC
session:
• If you want to use the default AAA authorization methods defined in the device’s AAA policy, do
not select the Enable CLI/EXEC Operations Authorization check box. Continue with Step 8.
• If you want to define a method list especially for this policy, select the Enable CLI/EXEC
Operations Authorization check box, then define the method list.
Note If you leave this option deselected, make sure that EXEC authorization is enabled in the router’s
AAA policy. Otherwise, you will be unable to connect to the device via HTTP or HTTPS (SSL).
This applies to Security Manager as well as other applications, such as SDM. See Defining AAA
Services, page 60-4.