60-33
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 60 Router Device Administration
HTTP Policy Page
Field Reference
Table 60-14 HTTP Page—AAA Tab
Element Description
Authenticate Using The type of authentication to use:
• AAA—Performs AAA login authentication.
• Enable Password—Uses the enable password configured on the
router. This is the default.
• Local Database—Uses the local username database configured on
the router.
• TACACS—Uses the TACACS or XTACACS server configured on
the router. Applies only to devices using an IOS software version
prior to 12.3(8) or 12.3(8)T.
Login Authentication settings
Enable Device Login
Authentication
Applies only when AAA is selected as the authentication method.
When selected, authentication is based on the methods defined in the
Prioritized Method List field.
When deselected, the default authentication list defined in the router’s
AAA policy is used. See AAA Page—Authentication Tab, page 60-6.
Prioritized Method List Applies only when the Enable Device Login Authentication check box
is selected.
Defines a sequential list of methods to be queried when authenticating
a user. Enter the names of one or more AAA server group objects (up
to four), or click Select to select them. Use the up and down arrows in
the object selector to define the order in which the selected server
groups should be used. If the object that you want is not listed, click the
Create button to create it.
The device tries initially to authenticate users using the first method in
the list. If that method fails to respond, the device tries the next method,
and so on, until a response is received.
Note If you select None as a method, it must appear as the last
method in the list.
EXEC Authorization settings
Enable CLI/EXEC
Operations Authorization
Applies only when AAA is selected as the authentication method.
When selected, EXEC authorization is based on the methods defined in
the Prioritized Method List field. This type of authorization determines
whether the user is permitted to open an EXEC (CLI) session.
When deselected, the default EXEC authorization list defined in the
router’s AAA policy is used. See AAA Page—Authorization Tab,
page 60-7.
Note If you leave this option deselected, make sure that EXEC
authorization is enabled in the router’s AAA policy. Otherwise,
you will be unable to connect to the device via HTTP or HTTPS
(SSL). This applies to Security Manager as well as other
applications, such as SDM and the device’s web interface.