Cisco 4700M Configuration Manual page 73

Chapter 2 Configuring Authentication and Accounting Services
The administrator of each virtual context is able to perform, independent from
other contexts, the following actions:
•
•
•
•
•
Each user who accesses the ACE from a specific IP address needs to authenticate
once only. The user authentication sequence remains in effect until the
authentication session expires on the ACE.
The ACE runs the AAA client, which sits between the users and the AAA server.
On one side, the ACE prompts each user for their credentials (username and
password). On the other side, the ACE queries the identified AAA servers to
determine if the user being authenticated has supplied the correct credentials and
is authorized access to the ACE.
The ACE performs authentication using either the local user database that resides
on the ACE or a remote AAA server. The ACE can use a Remote Access Dial-In
User Service (RADIUS), Terminal Access Controller Access Control System Plus
(TACACS+), or Lightweight Directory Access Protocol (v3) (LDAP) server for
remote authentication and designation of access rights.
This section contains the following topics:
•
•
•
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
OL-16202-01
Configure different AAA servers and their parameters
Create the same username across contexts, and associate the username with a
unique role in a context and multiple domains
Share AAA servers. Each user, however, must be authenticated for each
virtual context and must use the same password
Log user accounting activities, which are distinguished by the context in
which a user has signed in
Display the users currently authenticated on the virtual context
Local Database and Remote Server Support
Authentication Overview
Accounting Overview
AAA Overview
2-3