Cisco Systems OL-12180-01 manual Add/Edit AAA Server Group, 12-14


Chapter 12 Configuring AAA Servers and User Accounts

Identifying AAA Server Groups and Servers

Delete—Removes the selected AAA server from the list.

Move up—Moves the selected AAA server up in the AAA sequence.

Move down—Moves the selected AAA server back in the AAA sequence.

Test—Displays the Test AAA Server dialog box.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode: Routed, Transparent

Security Context: Single, Multiple (Context, System)

1. HTTP Form and Clientless SSL VPN are supported only in single routed mode.

Add/Edit AAA Server Group

The Add/Edit AAA Server Group dialog box lets you add or modify AAA server groups. The results appear in the AAA Server table.

Fields

Server Group—Display only. Shows the name of the selected server group.

Protocol drop-down list—Specifies the protocols supported by servers in the group. They include RADIUS, TACACS+, NT Domain, SDI, Kerberos, LDAP, and HTTP Form for single sign-on (users of Clientless SSL VPN only).

Note: The following fields are not available after selecting the HTTP Form protocol.

Accounting Mode—Specifies the accounting mode used with the server group.

Simultaneous—Configures the security appliance to send accounting data to all servers in the group.

Single—Configures the security appliance to send accounting data to only one server of the group.

Reactivation Mode—Specifies the method by which failed servers are reactivated.

Depletion—Configures the security appliance to reactivate failed servers only after all of the servers in the group are inactive.

Timed—Configures the security appliance to reactivate failed servers after 30 seconds of down time.

Dead Time—Specifies the number of minutes that will elapse between the disabling of the last server in the group and the subsequent reenabling of all servers. This field is not available for timed mode.

Max Failed Attempts—Specifies the number of failed connection attempts (1 through 5) allowed before declaring a nonresponsive server inactive.
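The following added example (not from the Cisco guide and not the appliance's own code) models the Reactivation Mode, Dead Time and Max Failed Attempts fields described above, to show how long a group can be left with no usable server in each mode. The class and function names are hypothetical, and the model assumes a server is declared inactive once its failure count reaches the limit.

```python
"""Simplified model of the server-group fields above (constructed example)."""

TIMED_REACTIVATION_S = 30  # from the page: Timed mode reactivates after 30 s down


class ServerGroup:  # hypothetical name, for illustration only
    def __init__(self, servers, mode="depletion", dead_time_min=10, max_failed=3):
        if not 1 <= max_failed <= 5:
            raise ValueError("Max Failed Attempts must be 1 through 5")
        self.servers = list(servers)        # list order = AAA sequence
        self.mode, self.max_failed = mode, max_failed
        self.dead_time_s = dead_time_min * 60   # ignored in timed mode
        self.failures = {s: 0 for s in self.servers}
        self.down_since = {}                # server -> time declared inactive

    def _reactivate(self, now):
        if self.mode == "timed":
            back = [s for s, t in self.down_since.items()
                    if now - t >= TIMED_REACTIVATION_S]
        elif (len(self.down_since) == len(self.servers)
              and now - max(self.down_since.values()) >= self.dead_time_s):
            back = list(self.down_since)    # depletion: all at once, after Dead Time
        else:
            back = []
        for s in back:
            del self.down_since[s]
            self.failures[s] = 0

    def active(self, now):
        """Servers usable at time `now` (seconds), in sequence order."""
        self._reactivate(now)
        return [s for s in self.servers if s not in self.down_since]

    def record_failure(self, server, now):
        """Count one failed connection attempt; mark inactive at the limit."""
        if server in self.down_since:
            return
        self.failures[server] += 1
        if self.failures[server] >= self.max_failed:
            self.down_since[server] = now


def timeline(mode):
    """Constructed scenario: 'primary' fails at t=0 s, 'backup' at t=100 s."""
    g = ServerGroup(["primary", "backup"], mode=mode, dead_time_min=10, max_failed=1)
    g.record_failure("primary", 0)
    out = {40: g.active(40)}
    g.record_failure("backup", 100)
    out.update({t: g.active(t) for t in (120, 131, 699, 700)})
    return out
```

In this scenario depletion mode leaves the group with no active server from t=100 s until the 10-minute Dead Time expires at t=700 s, while timed mode has already returned the first server to service before the second one fails.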

 

ASDM User Guide
