Chapter 2: Configuring Authentication and Accounting Services; AAA Overview - Cisco 4700M Configuration Manual

Application control engine appliance security

Chapter 2
Configuring Authentication and Accounting Services

AAA Overview
AAA provides management security for user access to the ACE through a
combination of authentication and accounting services. AAA informs the ACE
who the user is and what the user did. You can use authentication alone or with
accounting. The ACE provides security for the management access methods to the
ACE, including the command-line interface (CLI) or Simple Network
Management Protocol (SNMP).
You can access the ACE CLI through the console port or by a Telnet or SSH
session. When you log in to the ACE using either a Telnet or SSH connection, and
if the ACE is configured for AAA server-based authentication, a temporary
SNMP user entry is automatically created. The SNMPv3 protocol data units
(PDUs) with the associated Telnet or SSH login name as the SNMPv3 user are
authenticated by the ACE.
As part of the authentication process, the ACE associates each user with a user
role and a domain privilege pair under a specific virtual context. Each virtual
context behaves like an independent device with its own configuration, security
policies, interfaces, and domains. A user context can be managed independently
of other user contexts. A domain provides a namespace in which a user
operates, and each user is associated with at least one domain. The role assigned
to a user determines the operations that a user can perform on the objects in a
domain and the command set available to that user. Each context has a virtual
AAA instance running to provide authentication for the users logging in and
accounting services to log user activity.
Each virtual context on the ACE can have its own IP address. You can access each
virtual context in an ACE through the console port or a Telnet or SSH session by
specifying this IP address. Users can also send SNMP requests to the ACE by
using this IP address.
Note: Only the Admin context is accessible through the console port; all other
contexts can be reached through Telnet or SSH.
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
OL-16202-01


This manual is also suitable for:

4700 series
