General AAA Commands


Several useful commands can help you view and confirm that your AAA services are configured correctly. Table 10.7 displays some of these.

Table 10.7. General AAA Commands

| Command | Description |
|---|---|
| show aaa | Displays all the currently configured AAA authentication, authorization, and accounting commands. |
| clear aaa | Deletes all the configured AAA authentication, authorization, and accounting commands. |
| show aaa-server | Displays all the configured AAA servers. |
| show uauth | Displays the usernames and IP addresses of users who are currently logged in. |
| clear uauth | Removes a single user or all authenticated users currently logged in. |

Authentication Prompts

The auth-prompt command enables you to modify the login prompts shown during AAA authentication. It configures the text for the basic, accepted, and rejected prompts, and its syntax is as follows:

 pixfirewall(config)# [no | clear] auth-prompt [prompt | accept | reject] "<prompt text>"

Table 10.8 displays the possible options for the auth-prompt command.

Table 10.8. auth-prompt Command Options

| Option | Function |
|---|---|
| prompt | After this option, use quotes around the text you want to display to the user during general AAA logon attempts. |
| accept | This defines the accepted text after authentication is successful. |
| reject | This defines the text displayed after failed authentication attempts. |

Here are some basic examples of setting the prompts:

 pixfirewall(config)# auth-prompt prompt "AUTHORIZED PERSONNEL ONLY"
 pixfirewall(config)# auth-prompt reject "WRONG"
 pixfirewall(config)# auth-prompt accept "Welcome to the PIX firewall"

Authentication Timeouts

AAA authentication connections support two timeouts: inactivity and absolute. The inactivity timeout is used to disconnect the connection when the user is idle or inactive. The absolute timeout sets the total duration that the user is allowed to be logged in. Here is the command syntax:

 pixfirewall(config)# timeout uauth hh:mm:ss [absolute | inactivity]

After timeouts are set, the show timeout command can be used to display all the values for the timeout command. The output of the command is shown here:

 pixfirewall(config)# show timeout
 timeout uauth 0:05:00 absolute
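
The following is an added example, not from the book: a small Python check that reads the timeout uauth lines from a saved configuration and reports timers that are missing, exceed a policy ceiling, or make the inactivity timer pointless. The policy limits, the sample configuration, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample configuration lines (not taken from the book).
SAMPLE_CONFIG = """\
timeout xlate 3:00:00
timeout uauth 8:00:00 absolute
timeout uauth 9:00:00 inactivity
"""

# Assumed policy ceilings in seconds; adjust to your own policy.
POLICY_MAX = {"absolute": 4 * 3600, "inactivity": 30 * 60}

# Matches each "uauth hh:mm:ss [absolute|inactivity]" group on a timeout line,
# whether the two timers are on separate lines or combined on one.
UAUTH_RE = re.compile(
    r"\buauth\s+(\d+):(\d{1,2}):(\d{1,2})(?:\s+(absolute|inactivity))?")


def parse_uauth_timeouts(config):
    """Return {'absolute': seconds, 'inactivity': seconds} for timers found."""
    timers = {}
    for line in config.splitlines():
        line = line.strip()
        if not line.startswith("timeout "):
            continue
        for h, m, s, kind in UAUTH_RE.findall(line):
            # Assumption: a timer given without a keyword is treated as absolute.
            timers[kind or "absolute"] = int(h) * 3600 + int(m) * 60 + int(s)
    return timers


def audit_uauth(config, policy=POLICY_MAX):
    """Return a list of findings for the uauth timers in a saved config."""
    timers = parse_uauth_timeouts(config)
    findings = []
    for kind, limit in policy.items():
        if kind not in timers:
            findings.append(f"{kind}: not set explicitly")
        elif timers[kind] > limit:
            findings.append(f"{kind}: {timers[kind]}s exceeds policy limit {limit}s")
    if ({"absolute", "inactivity"} <= timers.keys()
            and timers["inactivity"] >= timers["absolute"]):
        findings.append("inactivity: not shorter than absolute, "
                        "so the idle timer never fires first")
    return findings


if __name__ == "__main__":
    for finding in audit_uauth(SAMPLE_CONFIG):
        print(finding)
```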


CSPFA Exam Cram 2 (Exam 642-521)
CCSP CSPFA Exam Cram 2 (Exam Cram 642-521)
ISBN: 0789730235
EAN: 2147483647
Year: 2003
Pages: 218
