Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
963
Views
5
Helpful
1
Replies

ASA Authorization commands

Go to solution
robbo79871
Level 1
Level 1

‎07-18-2019 01:27 AM

Okay so let me start off by saying that i know my way around an ASA and today i foud myself wanting to properly differentiate between all the authorization commands. So far as i can tell there is only 2 that useful and have any sort of impact.

First one being:

 

aaa authorization command LOCAL..............This will check all commands being issued either on the cli and in ASDM if you've either explicitly setup custom privilege commands or not. The other command being:

 

aaa authorization exec LOCAL auto-enable.......This will put the user into privilege exec mode if they've the correct credentials and bypass having to enter the enable secret password.

The one command that looks almost useless that i've tested under every circumstance is:

 

aaa authorization http console LOCAL................I cannot for the life of me seem to see where this works. Clearly it's implied it is something to do with the ASDM and commands on there but it never does anything under any circumstance. Can anyone shed some intel/light on it thanks :)

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎07-20-2019 04:49 PM - edited ‎07-20-2019 04:52 PM

aaa authorization http console LOCAL................I cannot for the life of me seem to see where this works. Clearly it's implied it is something to do with the ASDM and commands on there but it never does anything under any circumstance. Can anyone shed some intel/light on it thanks :)

See New Features in ASA 9.4(1)/ASDM 7.4(1) on Administrative Features > ASDM management authorization

You can now configure management authorization separately for HTTP access vs. Telnet and SSH access. We introduced the following command: aaa authorization http console. We modified the following screen: Configuration > Device Management > Users/AAA > AAA Access > Authorization

 

View solution in original post

1 Reply 1

Go to solution
hslai
Cisco Employee
Cisco Employee

‎07-20-2019 04:49 PM - edited ‎07-20-2019 04:52 PM

aaa authorization http console LOCAL................I cannot for the life of me seem to see where this works. Clearly it's implied it is something to do with the ASDM and commands on there but it never does anything under any circumstance. Can anyone shed some intel/light on it thanks :)

See New Features in ASA 9.4(1)/ASDM 7.4(1) on Administrative Features > ASDM management authorization

You can now configure management authorization separately for HTTP access vs. Telnet and SSH access. We introduced the following command: aaa authorization http console. We modified the following screen: Configuration > Device Management > Users/AAA > AAA Access > Authorization

 

Customers Also Viewed These Support Documents