Cisco Catalyst 6500 Series Configuration Manual page 225
Catalyst 6500 series switch and
cisco 7600 series router firewall services
Hide thumbs
Also See for Catalyst 6500 Series:
- Software configuration manual (570 pages) ,
- Configuration note (212 pages) ,
- Installation manual (194 pages)
Table of Contents
Advertisement
Chapter 12
Configuring AAA
Table 12-1 AAA Server and Local Database Support (continued)
Server/Database Type Functionality
TACACS+
User authentication for CLI access
User authentication for the enable
command
User authentication for network
access
User authorization for network access When a user matches an authorization statement on the
User authorization for management
commands.
VPN client authentication
Accounting for network access per
user or IP address
1
Local database
User authentication for CLI access
User authentication for the enable or
login command
User authorization for management
commands.
VPN client authentication
1. The local database can act as a fallback method for each of these functions if the AAA server is unavailable.
OL-6392-01
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
Description
When a user attempts to access the FWSM for Telnet, SSH,
or HTTP, the FWSM consults the TACACS+ server for the
username and password.
When a user attempts to access the enable command, the
FWSM consults the TACACS+ server for the username and
password.
When a user attempts to access networks through the FWSM,
and the traffic matches an authentication statement, the
FWSM consults the TACACS+ server for the username and
password.
FWSM after authenticating, the FWSM consults the
TACACS+ server for the user's access privileges.
On the TACACS+ server, configure the commands that a user
or group can use after they authenticate for CLI access. Every
command that a user enters at the CLI is checked with the
TACACS+ server.
When you configure VPN management access using the
VPN client, you can use a TACACS+ server to authenticate
the client. (See the
"Configuring VPN Client Access" section
on page 11-7
for more information.)
You can configure the FWSM to send accounting information
to the TACACS+ server about any traffic that passes through
the FWSM.
When a user attempts to access the FWSM for Telnet, SSH,
or HTTP, the FWSM consults the local user database for the
username and password.
When a user attempts to access the enable or login command,
the FWSM consults the local user database for the username
and password. You do not need to configure login user
authentication; it is on by default.
When a user authenticates with the enable command (or logs
in with the login command), the FWSM places that user in the
privilege level defined by the local database. You can
configure each command to belong to privilege level between
0 and 15 on the FWSM.
When you configure VPN management access using the
VPN client, you can use the local database to authenticate the
client. (See the
"Configuring VPN Client Access" section on
page 11-7
for more information.)
AAA Overview
12-5
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Cisco Catalyst 6500 Series
Related Products for Cisco Catalyst 6500 Series
- Cisco 6503 - Catalyst Firewall Security Sys
- Cisco 6503-E - Catalyst Chassis With Supervisor Engine 32 Switch
- Cisco 6504-E - Catalyst Chassis With Supervisor Engine 32 Switch
- Cisco 6506 - Catalyst Chassis Switch
- Cisco 6513 - Catalyst Switch
- Cisco Catalyst 6509
- Cisco Catalyst 6513-E
- Cisco Catalyst 6500-E Series