Cisco OL-12180-01 - Manual
Table of Contents:
- About Authorization; AAA Server and Local Database Support
- Summary of Support
- Authentication Methods; TACACS+ Server Support
- SDI Version Support; Two-step Authentication Process; NT Server Support; Kerberos Server Support
- LDAP Server Support; SSO Support for Clientless SSL VPN with HTTP Forms; Local Database Support
- User Profiles; Configuring the Local Database
- User Accounts
- Identifying AAA Server Groups and Servers; AAA Server Groups
- Add/Edit AAA Server Group
- Edit AAA Local Server Group
- Test AAA Server
- Configuring an Authentication Prompt
- Configuring an LDAP Attribute Map
- Add/Edit LDAP Attribute Map > Map Name Tab
- Add/Edit LDAP Attribute Map > Map Value Tab; Add/Edit LDAP Attributes Value Map
ASDM User Guide, OL-12180-01
Chapter 12: Configuring AAA Servers and User Accounts
This chapter describes support for AAA (pronounced “triple A”) and how to configure AAA servers and
the local database.
This chapter contains the following sections:
• AAA Server and Local Database Support, page 12-2
• Configuring the Local Database, page 12-7
• Identifying AAA Server Groups and Servers, page 12-12
• Configuring an Authentication Prompt, page 12-20
• Configuring an LDAP Attribute Map, page 12-21
AAA Overview
AAA enables the security appliance to determine who the user is (authentication), what the user can do
(authorization), and what the user did (accounting).
AAA provides an extra level of protection and control for user access beyond what access lists alone
provide. For example, you can create an access list allowing all outside users to access Telnet on a server
on the DMZ network. If you want only some users to access the server, and you might not always know
the IP addresses of these users, you can enable AAA to allow only authenticated and/or authorized users
to make it through the security appliance. (The Telnet server enforces authentication, too; the security
appliance prevents unauthorized users from attempting to access the server.)
You can use authentication alone or with authorization and accounting. Authorization always requires a
user to be authenticated first. You can use accounting alone, or with authentication and authorization.
This section includes the following topics:
• About Authentication, page 12-1
• About Authorization, page 12-2
About Authentication
Authentication controls access by requiring valid user credentials, which are typically a username and
password. You can configure the security appliance to authenticate the following items:
Summary
Page 12-2:
• All administrative connections to the security appliance including the following sessions:
– Telnet
– SSH
– Serial console
– ASDM (using HTTPS)
– VPN management access
• The ...
Page 12-3:
• RADIUS Server Support, page 12-3
• TACACS+ Server Support, page 12-4
• SDI Server Support, page 12-4
• NT Server Support, page 12-5
• Kerberos Server Support, page 12-5
• LDA...
Page 12-4:
This section contains the following topics:
• Authentication Methods, page 12-4
• Attribute Support, page 12-4
• RADIUS Authorization Functions, page 12-4
Authentication Method...