AAA Server and Local Database Support - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services

AAA Overview

AAA Server and Local Database Support

The FWSM supports AAA servers and a local database that is stored on the FWSM. Each server type and local database provides different functionality (see Table 12-1).

Table 12-1 AAA Server and Local Database Support

| Server/Database Type | Functionality | Description |
|---|---|---|
| RADIUS | User authentication for CLI access | When a user attempts to access the FWSM for Telnet, SSH, or HTTP, the FWSM consults the RADIUS server for the username and password. |
| RADIUS | User authentication for the enable command | When a user attempts to access the enable command, the FWSM consults the RADIUS server for the username and password. |
| RADIUS | User authentication for network access | When a user attempts to access networks through the FWSM, and the traffic matches an authentication statement, the FWSM consults the RADIUS server for the username and password. |
| RADIUS | User authorization for network access using downloaded ACLs per user (dynamic ACLs) | This user authorization occurs automatically when you configure authentication, but you must configure the RADIUS server to support it. When the user authenticates on the FWSM, the RADIUS server sends a dynamic ACL to the FWSM. The user's access to a given service is either permitted or denied by the ACL. The FWSM deletes the ACL when the authentication session expires. |
| RADIUS | User authorization for network access using a downloaded ACL name per user | This user authorization occurs implicitly when you configure authentication, but you must configure the RADIUS server to support it. When the user authenticates on the FWSM, the RADIUS server sends a name of an ACL that is already defined on the FWSM. The user's access to a given service is either permitted or denied by the ACL. You can specify the same ACL for multiple users. |
| RADIUS | VPN client authentication | When you configure VPN management access using the VPN client, you can use a RADIUS server to authenticate the client. (See the "Configuring VPN Client Access" section on page 11-7 for more information.) |
| RADIUS | Accounting for network access per user or IP address | You can configure the FWSM to send accounting information to the RADIUS server about any traffic that passes through the FWSM. |

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, Chapter 12, Configuring AAA, page 12-4, OL-6392-01
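
The two network-access authorization rows in Table 12-1 differ in what the RADIUS server returns at authentication time: the ACL entries themselves, or only the name of an ACL already on the FWSM. The following is an added example, not taken from the Cisco guide, that parses a RADIUS Access-Accept and reports which of the two it carries, which is useful when auditing what a RADIUS server actually hands out per user. It assumes the usual Cisco RADIUS conventions, which this page does not state: ACL entries arrive as cisco-av-pair strings of the form `ip:inacl#N=...` and an ACL name arrives in the IETF Filter-Id attribute. The sample replies and the ACL name `ENG_USERS` are constructed.

```python
import struct

FILTER_ID, VENDOR_SPECIFIC = 11, 26      # RFC 2865 attribute types
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1     # Cisco VSA carrying "name=value" strings
INACL_PREFIX = b"ip:inacl#"              # assumed AV-pair form for per-user ACL entries

def attr(atype, value):
    """Encode one RADIUS attribute: type, length, value."""
    return bytes([atype, len(value) + 2]) + value

def cisco_avpair(text):
    """Wrap a Cisco AV-pair string in a Vendor-Specific attribute."""
    return attr(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID) + attr(CISCO_AVPAIR, text))

def access_accept(attrs, ident=1):
    """Build a constructed Access-Accept (code 2); the authenticator is zeroed, not computed."""
    body = b"".join(attrs)
    return struct.pack("!BBH16s", 2, ident, 20 + len(body), bytes(16)) + body

def authorization_in(packet):
    """Return the ACL entries and/or ACL name an Access-Accept carries."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _, length = struct.unpack("!BBH", packet[:4])
    if code != 2 or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    entries, name, pos = {}, None, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        atype, alen = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + alen]
        if atype == FILTER_ID:
            name = value.decode("ascii")
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            pair = value[6:4 + vlen]
            if (vendor, vtype) == (CISCO_VENDOR_ID, CISCO_AVPAIR) and pair.startswith(INACL_PREFIX):
                seq, _, ace = pair[len(INACL_PREFIX):].partition(b"=")
                entries[int(seq)] = ace.decode("ascii")  # the number after '#' orders the entries
        pos += alen
    return {"dynamic_acl": [entries[n] for n in sorted(entries)], "acl_name": name}

# Constructed sample replies (documentation-range address, hypothetical ACL name).
DYNAMIC_REPLY = access_accept([
    cisco_avpair(b"ip:inacl#2=deny ip any any"),
    cisco_avpair(b"ip:inacl#1=permit tcp any host 192.0.2.10 eq 80"),
])
NAMED_REPLY = access_accept([attr(FILTER_ID, b"ENG_USERS")])
```

A reply that yields an `acl_name` only takes effect if an ACL with that name is already defined on the FWSM, so the names a RADIUS server returns are worth reconciling against the device configuration.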

This manual is also suitable for:

7600 series
