Chapter 17 Applying Aaa For Network Access; Aaa Performance; Configuring Authentication For Network Access - Cisco 7604 Configuration Manual

Applying AAA for Network Access
This chapter describes how to enable AAA (pronounced "triple A") for network access.
For information about AAA for management access, see the
on page
This chapter includes the following sections:
•
•
•
•
•

AAA Performance

The FWSM uses "cut-through proxy" to significantly improve performance compared to a traditional
proxy server. The performance of a traditional proxy server suffers because it analyzes every packet at
the application layer of the OSI model. The FWSM cut-through proxy challenges a user initially at the
application layer and then authenticates against standard RADIUS, TACACS+, or the local database.
After the FWSM authenticates the user, it shifts the session flow, and all traffic flows directly and
quickly between the source and destination while maintaining session state information.

Configuring Authentication for Network Access

This section includes the following topics:
•
•
•
•
•
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
23-10.
AAA Performance, page 17-1
Configuring Authentication for Network Access, page 17-1
Configuring Authorization for Network Access, page 17-9
Configuring Accounting for Network Access, page 17-13
Using MAC Addresses to Exempt Traffic from Authentication and Authorization, page 17-14
Authentication Overview, page 17-2
Enabling Network Access Authentication, page 17-3
Configuring Custom Login Prompts, page 17-5
Enabling Secure Authentication of Web Clients, page 17-6
Disabling Authentication Challenge per Protocol, page 17-8
17
C H A P T E R
"AAA for System Administrators" section
17-1