Aaa Overview - Cisco 7604 Configuration Manual

Configuring AAA Servers and the Local Database
This chapter describes support for AAA
the local database.
This chapter includes the following sections:
•
•
•
•

AAA Overview

AAA enables the FWSM to determine who the user is (authentication), what the user can do
(authorization), and what the user did (accounting).
AAA provides an extra level of protection and control for user access than using access lists alone. For
example, you can create an access list allowing all outside users to access Telnet on a server on an inside
interface. If you want only some users to access the server and you might not always know IP addresses
of these users, you can enable AAA to allow only authenticated and/or authorized users to make it
through the FWSM. (The Telnet server enforces authentication, too; the FWSM prevents unauthorized
users from attempting to access the server.)
You can use authentication alone or with authorization and accounting. Authorization always requires a
user to be authenticated first. You can use accounting alone, or with authentication and authorization.
If you use multiple security contexts, AAA settings are discrete per context, not shared between contexts.
This provides you the opportunity to control access, authorize resources and commands, and perform
accounting differently among contexts.
This section includes the following topics:
•
•
•
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
AAA Overview, page 11-1
AAA Server and Local Database Support, page 11-3
Configuring the Local Database, page 11-7
Identifying AAA Server Groups and Servers, page 11-9
About Authentication, page 11-2
About Authorization, page 11-2
About Accounting, page 11-2
C H A P T E R
(
pronounced "triple A") and how to configure AAA servers and
11
11-1