On a Cisco ASA is there any way to provide a user with access to admin features (view/change the config) without providing the main enable password?
Viewed 4,614 times
2 Answers
2
You could use the local user database on the ASA appliance to create usernames and passwords with the privilege levels you want the users to have upon login.
Here is how to create local users:
hostname>enable
hostname#configure terminal
hostname(config)#username [UserName] privilege 15 password [PasswordHere] //privilege level 15 is root (admin) access.
//The below commands make sure the username/password login method will apply to both console and vty lines. If you have an AUX port make sure to include it as well.
hostname(config)#line con 0
hostname(config-line)#login local
hostname(config-line)#exit
hostname(config)#line vty 0 15
hostname(config-line)#login local
hostname(config-line)#exit
hostname(config)#exit
The above is just a sample configuration. If you are not too experienced with the command line, make sure to check the documentation if you are unsure about what a command does.
1 This works for routers and switches but not ASAs. – evolvd Nov 14 '11 at 14:51
0
When you log in from a TACACS account, you have to type your own password twice (once at connection and once at enable). I imagine this works as well for RADIUS accounts.

Antoine Benkemoun
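A check for the situation in the question, as an added example that is not part of the original answers: it scans an ASA running-config for `aaa authentication ... console` lines to see whether login and enable are tied to named accounts (local or TACACS+/RADIUS) or still fall back to the shared enable password. The sample configs, the server-group name `TACSRV` and the user `alice` are constructed, and the ASA command forms are assumed from general ASA syntax rather than taken from this page.

```python
import re

# Constructed running-config excerpts (not from the page); secrets are masked.
SHARED_ENABLE = """\
enable password ***** encrypted
passwd ***** encrypted
ssh 10.0.0.0 255.255.255.0 inside
"""
PER_USER = """\
username alice password ***** encrypted privilege 15
aaa-server TACSRV protocol tacacs+
aaa authentication ssh console TACSRV LOCAL
aaa authentication serial console LOCAL
aaa authentication enable console TACSRV LOCAL
"""

# "aaa authentication <method> console <server-group> [LOCAL]"
AAA_RE = re.compile(r"^aaa authentication (ssh|telnet|serial|http|enable) console (.+)$")
# "username <name> ... privilege <level>"
USER_RE = re.compile(r"^username (\S+) .*\bprivilege (\d+)\b")


def audit_asa_auth(config: str) -> dict:
    """Report whether login and enable are bound to per-user AAA credentials."""
    aaa, admins = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        m = AAA_RE.match(line)
        if m:
            aaa[m.group(1)] = m.group(2).split()  # ordered list of auth sources
            continue
        m = USER_RE.match(line)
        if m and int(m.group(2)) == 15:
            admins.append(m.group(1))
    findings = []
    if "enable" not in aaa:
        findings.append("enable is not under AAA: privileged mode uses the shared enable password")
    elif aaa["enable"] == ["LOCAL"] and not admins:
        findings.append("enable uses LOCAL but no privilege 15 local user exists")
    for method in ("ssh", "serial"):
        if method not in aaa:
            findings.append(f"{method} login is not bound to a named-user database")
    return {"aaa": aaa, "priv15_users": admins, "findings": findings}


if __name__ == "__main__":
    for name, cfg in (("shared", SHARED_ENABLE), ("per-user", PER_USER)):
        print(name, audit_asa_auth(cfg)["findings"])
```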