Configuring AAA on an FTD Appliance for Use with Cisco ISE¶
Role-based Access for Firepower Device Manager¶
When devices use role-based access to determine privilege, RADIUS must be used as the AAA protocol.
TACACS should be used when the device configured mainly through CLI, since TACACS allows each command to be authorized.
Role-based Access Using FDM GUI¶
Cisco AV Pairs:
Read-Only (
fdm.userrole.authority.ro
)Read-Write (
fdm.userrole.authority.rw
)Admin (
fdm.userrole.authority.admin
)
Role-based Access Using FDM CLI¶
Service Types:
Read-Only (
Service-Type:Administrator(6)
)Read-Write (
Service-Type:NAS Prompt(7)
)