FMC external authentication for CLI access to managed devices.

revenant
Level 1

Hi all, I need some confirmation or experience sharing regarding FMC external authentication for CLI access to managed devices.

It seems that starting from FTD 7.x the only way to get this working is to specify the list of users for CLI access in FMC under Configuration -> Users -> given External Authentication Object -> CLI Access Filter. 

In the past, I was able to get this working by returning RADIUS AV pair Service-Type = 6. I still have some FTD 6.6.x devices in the lab and indeed it is working without specifying anything in the FMC.

I just want to double check with the community if this is by design or I missed something in the documentation.

Honestly this is weird and it completely beats the principle of single point of policy definition (AAA server). 

Thank you.

2 Replies

Marvin Rhoads
Hall of Fame

Yes - you must create the accounts in FMC and designate them as having external authentication.

Eric R. Jones
Level 4

Interesting, that's the only way we got it to work. We started on 6.6.X and without the local usernames it failed.
