Several useful commands can help you view and confirm that your AAA services are configured correctly. Table 10.7 displays some of these. Table 10.7. General AAA Commands
Authentication PromptsThe authentication prompt command enables you to modify login prompts during AAA authentication. This command configures text for accepted, rejected, and basic prompts, and its syntax is as follows : pixfirewall(config)# [no clear] auth-prompt [prompt accept reject] "<prompt text>" Table 10.8 displays the possible options for the auth-prompt command. Table 10.8. auth-prompt Command Options
Here are some basic examples of setting the prompts: pixfirewall(config)# auth-prompt prompt "AUTHORIZED PERSONNEL ONLY" pixfirewall(config)# auth-prompt reject "WRONG" pixfirewall(config)# auth-prompt accept "Welcome to the PIX firewall" Authentication TimeoutsAAA authentication connections support two timeouts: inactivity and absolute. The inactivity timeout is used to disconnect the connection when the user is idle or inactive. The absolute timeout sets the total duration that the user is allowed to be logged in. Here is the command syntax: pixfirewall(config)# timeout uauth hh:mm:ss [absoluteinactivity] After timeouts are set, the show timeout command can be used to display all the values for the timeout command. The output of the command is shown here: pixfirewall(config)# show timeout timeout uauth 0:05:00 absolute |