
Chapter 12 Configuring AAA Servers and User Accounts
AAA Server and Local Database Support
This section contains the following topics:
•Authentication Methods, page
•Attribute Support, page
•RADIUS Authorization Functions, page
Authentication Methods
The security appliance supports the following authentication methods with RADIUS:
•
•
•
•
Attribute Support
The security appliance supports the following sets of RADIUS attributes:
•Authentication attributes defined in RFC 2138.
•Accounting attributes defined in RFC 2139.
•RADIUS attributes for tunneled protocol support, defined in RFC 2868.
•Cisco IOS VSAs, identified by RADIUS vendor ID 9.
•Cisco
•Microsoft VSAs, defined in RFC 2548.
RADIUS Authorization Functions
The security appliance can use RADIUS servers for user authorization for network access using dynamic access lists or access list names per user. To implement dynamic access lists, you must configure the RADIUS server to support it. When the user authenticates, the RADIUS server sends a downloadable access list or access list name to the security appliance. Access to a given service is either permitted or denied by the access list. The security appliance deletes the access list when the authentication session expires.
TACACS+ Server Support
The security appliance supports TACACS+ authentication with ASCII, PAP, CHAP, and
SDI Server Support
The RSA SecureID servers are also known as SDI servers.
This section contains the following topics:
•SDI Version Support, page
| ASDM User Guide |
|