60-37
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 60 Router Device Administration
Line Access on Cisco IOS Routers
Defining Console Port AAA Settings
By default, authentication, authorization, and accounting are not performed on the console port. When
you configure one or more of these access control options, you can either make use of the default method
lists defined in the device’s AAA policy or define a custom method list containing one or more AAA
methods.
Related Topics
• Defining Console Port Setup Parameters, page 60-35
• Line Access on Cisco IOS Routers, page 60-35
Step 1 Do one of the following:
• (Device view) Select Platform > Device Admin > Device Access > Line Access > Console from
the Policy selector, then click the Authentication tab in the work area.
• (Policy view) Select Router Platform > Device Admin > Device Access > Line Access > Console
from the Policy Type selector. Select an existing policy or create a new one, and then click the
Authentication tab.
The Console Authentication tab is displayed.
Step 2 (Optional) Select the authentication method to perform on users who attempt to access the console line.
See Table 60-17 on page 60-45 for a description of the fields on the Authentication tab.
Note If you select local authentication, preview the full configuration before deployment to make sure
that the aaa new-model command is not configured by another policy (for example, by
configuring a method list in the AAA policy) or is already configured on the device itself.
Step 3 (Optional) On the Authorization tab, select the authorization method to perform on users who access the
console line and begin an EXEC session.
See Table 60-18 on page 60-46 for a description of the fields on the Authorization tab.
Note RADIUS uses the same server for authentication and authorization. Therefore, if you use define
a RADIUS method list for authentication, you must define the same method list for
authorization.
Step 4 (Optional) Create command authorization definitions for specific privilege levels:
a. Click the Add button under the Commands Authorization table. The Command Authorization dialog
box is displayed. See Table 60-26 on page 60-61 for details.
b. Configure the command authorization definition as required.
c. Click OK. The dialog box closes and the authorization method is displayed in the Commands
Authorization table.
d. Repeat a. through c. to create additional command authorization definitions.
Step 5 (Optional) On the Accounting tab, select the EXEC and connection accounting methods to perform on
users who access the console line.
See Table 60-19 on page 60-47 for a description of the fields on this tab.