August 21, 2009
configure privilege access levels on Cisco ASA
there are 4 steps involved in this:
- enable command authorization (LOCAL in this case means the command authorization configuration is kept on the firewall):
aaa authorization command LOCAL
- define the commands you want to allow at a certain level; for example, these commands let a user at privilege level 5 view and clear crypto tunnels:
privilege show level 5 command crypto
privilege clear level 5 command crypto
- create a user and assign the privilege level to her/him:
username userName password userPass privilege 5
- create an enable password for the new privilege level:
enable password enablePass level 5
now when the user logs in she/he can type:
enable 5
enter the password from step four and they will be able to run the above crypto commands.
here’s a link to the Cisco KB.
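To review a saved config against the four steps above, here is an added example (not from the original post or from Cisco) that reports users whose privilege level has no commands or no enable password. The function name, the "auditor" user and the sample config are constructed, and the parser assumes the lines appear in the form typed in the post.

```python
import re

# Constructed sample: the post's commands plus one deliberately incomplete
# user ("auditor", level 7) so the check has something to report.
SAMPLE_CONFIG = """\
aaa authorization command LOCAL
privilege show level 5 command crypto
privilege clear level 5 command crypto
username userName password userPass privilege 5
username auditor password auditPass privilege 7
enable password enablePass level 5
"""

PRIV_RE = re.compile(r"^privilege\s+(?:(\w+)\s+)?level\s+(\d+)\s+(?:mode\s+\S+\s+)?command\s+(.+)$")
USER_RE = re.compile(r"^username\s+(\S+)\s+.*\bprivilege\s+(\d+)\b")
ENABLE_RE = re.compile(r"^enable\s+password\s+.*\blevel\s+(\d+)\b")

def audit_privilege_config(config_text):
    """Map the post's four steps onto a config and report what is missing."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    commands, users, enable_levels = {}, {}, set()
    for ln in lines:
        if m := PRIV_RE.match(ln):          # step 2: commands per level
            kind = m.group(1) or "any"
            commands.setdefault(int(m.group(2)), []).append(f"{kind} {m.group(3)}")
        elif m := USER_RE.match(ln):        # step 3: user -> level
            users[m.group(1)] = int(m.group(2))
        elif m := ENABLE_RE.match(ln):      # step 4: enable password per level
            enable_levels.add(int(m.group(1)))
    findings = []
    # step 1 of the post: command authorization kept on the firewall
    if "aaa authorization command LOCAL" not in lines:
        findings.append("step 1 missing: aaa authorization command LOCAL")
    for name, level in sorted(users.items()):
        if level >= 15:                     # level 15 is the full-access level
            continue
        if level not in commands:
            findings.append(f"{name}: no commands assigned to level {level}")
        if level not in enable_levels:
            findings.append(f"{name}: no enable password for level {level}")
    return {"commands": commands, "users": users, "findings": findings}

if __name__ == "__main__":
    for finding in audit_privilege_config(SAMPLE_CONFIG)["findings"]:
        print(finding)
```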