Cisco 7604 Configuration Guide - Page 533
CLI Access Overview, Authenticating Sessions from the Switch to the FWSM
Chapter 23 Configuring Management Access
AAA for System Administrators

• Authenticating Sessions from the Switch to the FWSM, page 23-11
• Enabling CLI or ASDM Authentication, page 23-12

CLI Access Overview

Before the FWSM can authenticate a Telnet or SSH user, you must first configure access to the FWSM using the telnet or ssh commands (see the "Allowing Telnet Access" section on page 23-1 and "Allowing SSH Access" section on page 23-2). These commands identify the IP addresses that are allowed to communicate with the FWSM. The exception is for access to the system in multiple context mode; a session from the switch to the FWSM is a Telnet session, but the telnet command is not required.

After you connect to the FWSM, you log in and access user EXEC mode.

• If you do not enable any authentication for Telnet, you do not enter a username; you enter the login password (set with the password command). For SSH, you enter "pix" as the username, and enter the login password.
• If you enable Telnet or SSH authentication according to this section, you enter the username and password as defined on the AAA server or local user database.

To enter privileged EXEC mode, enter the enable command or the login command (if you are using the local database only).

• If you do not configure enable authentication, enter the system enable password when you enter the enable command (set by the enable password command). However, if you do not use enable authentication, after you enter the enable command, you are no longer logged in as a particular user. To maintain your username, use enable authentication.
• If you configure enable authentication (see the "Configuring Authentication for the Enable Command" section on page 23-13), the FWSM prompts you for your username and password.

For authentication using the local database, you can use the login command, which maintains the username but requires no configuration to turn on authentication.

ASDM Access Overview

By default, you can log into ASDM with a blank username and the enable password set by the enable password command. However, if you enter a username and password at the login screen (instead of leaving the username blank), ASDM checks the local database for a match.

Although you can configure HTTP authentication according to this section and specify the local database, that functionality is always enabled by default. You should only configure HTTP authentication if you want to use a RADIUS or TACACS+ server for authentication.

Authenticating Sessions from the Switch to the FWSM

In multiple context mode, you cannot configure any AAA commands in the system configuration. However, if you configure Telnet authentication in the admin context, then authentication also applies to sessions from the switch to the FWSM (which enters the system execution space). The admin context AAA server or local user database are used in this instance.

OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 23-11
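
The login behaviour described in the CLI and ASDM overviews above can be checked against a saved configuration. The following is an added example, not part of the Cisco guide: a small Python audit that reports, per access method, whether per-user AAA authentication is configured or the shared-password fallback applies. The sample configuration, its addresses and the server group name TACACS_GRP are constructed, and the script assumes access rules are written with literal IP addresses.

```python
import re

# Constructed sample of an admin-context configuration (not taken from the guide).
SAMPLE_CONFIG = """\
telnet 10.1.1.0 255.255.255.0 inside
ssh 10.1.2.0 255.255.255.0 inside
ssh timeout 5
http 10.1.3.0 255.255.255.0 inside
aaa authentication ssh console TACACS_GRP LOCAL
"""

# aaa authentication {telnet | ssh | enable | http} console <server-group | LOCAL>
AAA_RE = re.compile(r"^aaa authentication (telnet|ssh|enable|http) console (\S+)", re.M)

# Login behaviour when a method has no AAA authentication, per the overview above.
FALLBACK = {
    "telnet": "no username; shared login password (password command)",
    "ssh": 'username "pix" plus the shared login password',
    "enable": "shared enable password; the session no longer carries a username",
    "http": "ASDM accepts a blank username with the enable password",
}

def audit(config):
    """Return {method: (auth_source_or_None, access_rule_present, behaviour)}."""
    sources = {m.group(1): m.group(2) for m in AAA_RE.finditer(config)}
    report = {}
    for method, fallback in FALLBACK.items():
        # telnet/ssh/http need an access rule naming permitted addresses; enable
        # needs none. The switch-to-FWSM session is Telnet and needs no telnet
        # rule, so a telnet finding still matters when no rule is present.
        rule = method == "enable" or bool(re.search(rf"^{method} \d", config, re.M))
        source = sources.get(method)
        behaviour = f"per-user login via {source}" if source else fallback
        report[method] = (source, rule, behaviour)
    return report

def shared_secret_methods(config):
    """Methods still relying on a shared password rather than per-user AAA."""
    return sorted(m for m, (src, _, _) in audit(config).items() if src is None)

if __name__ == "__main__":
    for method, (src, rule, behaviour) in audit(SAMPLE_CONFIG).items():
        print(f"{method:7} rule={rule!s:5} -> {behaviour}")
```

In multiple context mode, run it against the admin context configuration, since that is where Telnet authentication for switch-to-FWSM sessions is configured.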