Local Database And Remote Server Support - Cisco 4700M Configuration Manual

Application control engine appliance security

AAA Overview

Local Database and Remote Server Support

Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide

The ACE supports local authentication using a local database on the ACE or
remote authentication using one or more AAA servers. AAA remote servers are
grouped into independent groups of TACACS+, RADIUS, or LDAP servers. For
a group of servers, the ACE bases the selection of the server to use on the first
active server in the group.

Note: "First" refers to the order in which servers have been configured.

When a user logs in to an ACE, the servers are accessed one at a time, starting
with the first server specified in the configuration, until a server responds to the
ACE.

When you configure server groups using the server group authentication method,
the ACE sends an authentication request to the first AAA server in the group as
follows:

- If the remote AAA server fails to respond, the ACE attempts to contact the
  next server in the group until a remote AAA server responds to the
  authentication request.
- If all AAA servers in the server group fail to respond, the ACE tries to contact
  the AAA servers in the next configured server group.
- If all remote AAA servers fail to respond, by default, the ACE attempts to
  authenticate the user against the local database.

If the username and password are successfully authenticated either locally or
remotely, the ACE allows the user to log in, and the user is assigned a unique role
(as specified through the role command, which determines the commands and
resources available to each user).

Each server within a group can assume an active or an inactive state if a network
connection failure occurs. The policy used to select the AAA server takes the
server state into account. The ACE monitors the AAA server operation by sending
authentication requests to a timed-out server. If the ACE does not receive
confirmation from the server within a user-specified number of retries, the ACE
declares the server to be unresponsive and initiates the sequence to contact the
next available server specified in the server group.
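
The selection order described above, modelled in Python as an added example (not Cisco code and not part of the original guide). The Server class, the authenticate function, the retries default, the local_fallback switch and all sample accounts are constructed for illustration; the model assumes that a rejection from a reachable server counts as a response, so the local database is consulted only when no server answers.

```python
from dataclasses import dataclass
from typing import Optional

NO_RESPONSE = None  # constructed marker: the server timed out


@dataclass
class Server:
    name: str
    users: Optional[dict]  # None models a server that never answers
    active: bool = True

    def ask(self, user, password):
        if self.users is None:
            return NO_RESPONSE
        return self.users.get(user) == password  # accept or reject


def authenticate(groups, local_db, user, password, retries=2, local_fallback=True):
    """Return (accepted, source) using the order the guide describes."""
    for group in groups:              # groups in configured order
        for server in group:          # servers in configured order
            if not server.active:
                continue              # only active servers are selected
            for _ in range(retries):
                answer = server.ask(user, password)
                if answer is not NO_RESPONSE:
                    return answer, server.name  # first response decides
            server.active = False     # declared unresponsive after the retries
    if local_fallback:                # default behaviour per the guide
        return local_db.get(user) == password, "local"
    return False, "none"


def demo():
    # Constructed sample data: tac1 and rad1 are unreachable.
    tacacs = [Server("tac1", None), Server("tac2", {"alice": "s3cret"})]
    radius = [Server("rad1", None)]
    local_db = {"admin": "local-pw"}
    return [
        authenticate([tacacs, radius], local_db, "alice", "s3cret"),
        authenticate([tacacs, radius], local_db, "admin", "local-pw"),
        authenticate([radius], local_db, "admin", "local-pw"),
        authenticate([radius], local_db, "admin", "local-pw", local_fallback=False),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second result shows that a local-only account is rejected while any remote server is answering, and the third shows the local database deciding the login once no server responds. When reviewing a configuration, treat local accounts as a live authentication path and audit them accordingly.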
Chapter 2
Configuring Authentication and Accounting Services
OL-16202-01

This manual is also suitable for:

4700 series