Cisco Systems OL-12180-01 manual AAA Server and Local Database Support, About Authorization, 12-2


Chapter 12 Configuring AAA Servers and User Accounts


All administrative connections to the security appliance including the following sessions:

Telnet

SSH

Serial console

ASDM (using HTTPS)

VPN management access

The enable command

Network access

VPN access

About Authorization

Authorization controls access per user after users authenticate. You can configure the security appliance to authorize the following items:

Management commands

Network access

VPN access

Authorization controls the services and commands available to each authenticated user. If you do not enable authorization, authentication alone provides the same access to services for all authenticated users.

If you need the control that authorization provides, you can configure a broad authentication rule and then a detailed authorization configuration. For example, you can authenticate inside users who attempt to access any server on the outside network, and then use authorization to limit the outside servers that a particular user can access.

The security appliance caches the first 16 authorization requests per user, so if the user accesses the same services during the current authentication session, the security appliance does not resend the request to the authorization server.
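The following Python model is an added example, not code from Cisco or from this guide; it illustrates the caching rule above and what it means when a user's permissions change on the authorization server in the middle of a session. The class names, the service strings and the addresses are constructed. The model assumes that the cache is keyed by the requested service, that it stores the server's answer whether permit or deny, that requests after the first 16 are always forwarded, and that the cache is emptied when the user authenticates again.

```python
CACHE_LIMIT = 16  # from the page: the first 16 authorization requests per user are cached


class AuthzServer:
    """Stand-in for an external authorization server (hypothetical)."""

    def __init__(self, policy):
        self.policy = policy      # {user: set of permitted services}
        self.queries = 0          # requests that actually reached the server

    def authorize(self, user, service):
        self.queries += 1
        return service in self.policy.get(user, set())


class Appliance:
    """Caches the first CACHE_LIMIT distinct requests per authentication session."""

    def __init__(self, server):
        self.server = server
        self.sessions = {}        # {user: {service: cached decision}}

    def login(self, user):
        self.sessions[user] = {}  # assumption: a new session starts with an empty cache

    def request(self, user, service):
        cache = self.sessions[user]
        if service in cache:                  # repeat request: answered locally
            return cache[service], "cache"
        decision = self.server.authorize(user, service)
        if len(cache) < CACHE_LIMIT:          # only the first 16 requests are cached
            cache[service] = decision
        return decision, "server"


def demo():
    # Constructed policy using documentation addresses (192.0.2.0/24).
    server = AuthzServer({"alice": {"http://192.0.2.5", "ftp://192.0.2.9"}})
    asa = Appliance(server)
    asa.login("alice")
    first = asa.request("alice", "http://192.0.2.5")
    server.policy["alice"].discard("http://192.0.2.5")  # access removed on the server
    stale = asa.request("alice", "http://192.0.2.5")    # same session: not re-queried
    asa.login("alice")                                  # user authenticates again
    fresh = asa.request("alice", "http://192.0.2.5")
    return first, stale, fresh, server.queries
```

In this model, a permission removed on the server is still honored from the cache until the user's authentication session ends, so a policy change that must take effect immediately also requires ending the affected sessions.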

About Accounting

Accounting tracks traffic that passes through the security appliance, enabling you to have a record of user activity. If you enable authentication for that traffic, you can account for traffic per user. If you do not authenticate the traffic, you can account for traffic per IP address. Accounting information includes when sessions start and stop, username, the number of bytes that pass through the security appliance for the session, the service used, and the duration of each session.

AAA Server and Local Database Support

The security appliance supports a variety of AAA server types and a local database that is stored on the security appliance. This section describes support for each AAA server type and the local database.

This section contains the following topics:

Summary of Support

 

ASDM User Guide
