Configuring Local Console Authentication
If you are configuring the PIX firewall to use a local database to authenticate
users attempting to access the firewall itself, you should use the following
command to define users on the firewall:
username <username> {nopassword | password <password> [encrypted]} [privilege <level>]
Specify the username that you want to assign to the user. Use the nopassword
keyword to create a local account with no password. Use the password keyword to
assign a password to a local account, and specify the password. If the password
that you are specifying is already encrypted, use the encrypted keyword.
To assign a privilege level to the user account, use the privilege keyword and
specify the desired level between 0 and 15. Privilege levels are discussed in
detail later in this chapter.
To delete a user, use the following command:
no username <username>
To display a list of configured usernames, use the following command:
show username [<username>]
To delete the entire user database, use the clear username command in
Configuration mode.
Once you have defined the local users, you need to specify that the local
database should be used for the various access methods by entering the
following command:
aaa authentication [serial | enable | telnet | ssh | http] console LOCAL
www.syngress.com
244 Chapter 5 • Authentication, Authorization, and Accounting
NOTE
The term console here does not mean the console port on the PIX firewall.
It refers to any administrative session to the PIX firewall, such as
SSH or HTTP.
Use the serial, enable, telnet, ssh, or http keywords to specify the access method
that requires authentication. For example, you can issue the following commands
to define a local user account and specify that the local database should be used
when a user attempts to access the PIX firewall via Telnet, SSH, or HTTP (PDM):
PIX1(config)# username pixadm password pixpassword
PIX1(config)# aaa authentication telnet console LOCAL
PIX1(config)# aaa authentication ssh console LOCAL
PIX1(config)# aaa authentication http console LOCAL
The enable and SSH access methods allow three tries before denying authentication.
Serial and Telnet continue to prompt the user until a successful login
takes place.
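As an added example (not from the book and not Cisco code), the following Python check reads PIX configuration text and reports local accounts created with nopassword and access methods that have no aaa authentication console line. The function name audit and the sample configuration are constructed for illustration.

```python
import re

# Access methods accepted by "aaa authentication <method> console <server>".
METHODS = ("serial", "enable", "telnet", "ssh", "http")

USER_RE = re.compile(
    r"^username\s+(?P<name>\S+)\s+"
    r"(?:(?P<nopw>nopassword)|password\s+\S+(?:\s+encrypted)?)"
    r"(?:\s+privilege\s+(?P<priv>\d+))?\s*$")
AAA_RE = re.compile(r"^aaa\s+authentication\s+(\S+)\s+console\s+(\S+)\s*$")

# Constructed sample configuration; EXAMPLEHASH is a placeholder, not a real hash.
SAMPLE_CONFIG = """\
username pixadm password EXAMPLEHASH encrypted privilege 15
username guest nopassword privilege 1
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
"""

def audit(config_text):
    """Return (users, methods, findings) for PIX configuration text."""
    users, methods, findings = {}, {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        user = USER_RE.match(line)
        if user:
            # Privilege is None when the line carries no privilege keyword.
            users[user["name"]] = int(user["priv"]) if user["priv"] else None
            if user["nopw"]:
                findings.append(f"user {user['name']}: account has no password")
            continue
        aaa = AAA_RE.match(line)
        if aaa and aaa[1] in METHODS:
            methods[aaa[1]] = aaa[2]
    for method in METHODS:
        if method not in methods:
            findings.append(f"{method}: no aaa authentication console line")
    if "LOCAL" in methods.values() and not users:
        findings.append("LOCAL is referenced but no username is defined")
    return users, methods, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG)[2]:
        print(finding)
```

On the sample, the check reports the guest account and the serial and enable methods, which the three aaa authentication lines do not cover.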