cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
948
Views
5
Helpful
1
Replies

ASA Authorization commands

robbo79871
Level 1
Level 1

Okay so let me start off by saying that i know my way around an ASA and today i foud myself wanting to properly differentiate between all the authorization commands. So far as i can tell there is only 2 that useful and have any sort of impact.

First one being:

 

aaa authorization command LOCAL..............This will check all commands being issued either on the cli and in ASDM if you've either explicitly setup custom privilege commands or not. The other command being:

 

aaa authorization exec LOCAL auto-enable.......This will put the user into privilege exec mode if they've the correct credentials and bypass having to enter the enable secret password.

The one command that looks almost useless that i've tested under every circumstance is:

 

aaa authorization http console LOCAL................I cannot for the life of me seem to see where this works. Clearly it's implied it is something to do with the ASDM and commands on there but it never does anything under any circumstance. Can anyone shed some intel/light on it thanks :)

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

aaa authorization http console LOCAL................I cannot for the life of me seem to see where this works. Clearly it's implied it is something to do with the ASDM and commands on there but it never does anything under any circumstance. Can anyone shed some intel/light on it thanks :)

See New Features in ASA 9.4(1)/ASDM 7.4(1) on Administrative Features > ASDM management authorization

You can now configure management authorization separately for HTTP access vs. Telnet and SSH access. We introduced the following command: aaa authorization http console. We modified the following screen: Configuration > Device Management > Users/AAA > AAA Access > Authorization

 

View solution in original post

1 Reply 1

hslai
Cisco Employee
Cisco Employee

aaa authorization http console LOCAL................I cannot for the life of me seem to see where this works. Clearly it's implied it is something to do with the ASDM and commands on there but it never does anything under any circumstance. Can anyone shed some intel/light on it thanks :)

See New Features in ASA 9.4(1)/ASDM 7.4(1) on Administrative Features > ASDM management authorization

You can now configure management authorization separately for HTTP access vs. Telnet and SSH access. We introduced the following command: aaa authorization http console. We modified the following screen: Configuration > Device Management > Users/AAA > AAA Access > Authorization