35-32
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter35 Configuring AAA Servers and the Local Database
Feature History for AAA Servers
Table35-3 Feature History for AAA Servers
Feature Name
Platform
Releases Feature Information
AAA Servers 7.0(1) AAA Servers describe support for AAA and how to
configure AAA servers and the local database.
We introduced the following commands:
username, aaa authorization exec authentication-server,
aaa authentication console LOCAL, aaa authorization
exec LOCAL, service-type, ldap attribute-map,
aaa-server protocol, aaa authentication {telnet | ssh |
serial} console LOCAL, aaa authentication http console
LOCAL, aaa authentication enable console LOCAL,
max-failed-attempts, reactivation-mode,
accounting-mode simultaneous, aaa-server host,
authorization-server-group, tunnel-group, tunnel-group
general-attributes, map-name, map-value,
ldap-attribute-map, zonelabs-Integrity server-address,
zonelabs-integrity port, zonelabs-integrity interface,
zonelabs-integrity fail-timeout, zonelabs-integrity
fail-close, zonelabs-integrity fail-open,
zonelabs-integrity ssl-certificate-port,
zonelabs-integrity ssl-client-authentication {enable |
disable}, client-firewall {opt | req} zonelabs-integrity
Key vendor-specific attributes (VSAs) sent in
RADIUS access request and accounting request
packets from the ASA
8.4(3) Four New VSAs—Tunnel Group Name (146) and Client
Type (150) are sent in RADIUS access request packets from
the ASA. Session Type (151) and Session Subtype (152) are
sent in RADIUS accounting request packets from the ASA.
All four attributes are sent for all accounting request packet
types: Start, Interim-Update, and Stop. The RADIUS server
(for example, ACS and ISE) can then enforce authorization
and policy attributes or use them for accounting and billing
purposes.
Common Criteria certification and FIPS support
for password policy, password change, and SSH
public key authentication
8.4(4.1) We introduced or modified the following commands:
password-policy lifetime, password-policy minimum
changes, password-policy minimum-length,
password-policy minimum-lowercase, password-policy
minimum-uppercase, password-policy
minimum-numeric, password-policy minimum-special,
password-policy authenticate enable, username,
username attributes, clear configure username,
change-password, clear configure password-policy,
show running-config password-policy, and username.