CHAPTER
31-1
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
31
Configuring AAA Servers and the Local Database
This chapter describes support for AAA (pronounced “triple A”) and how to configure AAA servers and
the local database.
The chapter includes the following sections:
• AAA Overview, page 31-1
• AAA Server and Local Database Support, page 31-3
• Configuring AAA Server Groups, page 31-8
• Testing Server Authentication and Authorization, page 31-18
• Adding a User Account, page 31-18
• Configuring LDAP Attribute Maps, page 31-22
• Adding an Authentication Prompt, page 31-23
• AAA Servers Monitoring, page 31-24
• Additional References, page 31-25
• Feature History for AAA Servers, page 31-26
AAA Overview
AAA enables the adaptive security appliance to determine who the user is (authentication), what the user
can do (authorization), and what the user did (accounting).
AAA provides an extra level of protection and control for user access than using access lists alone. For
example, you can create an access list allowing all outside users to access Telnet on a server on the DMZ
network. If you want only some users to access the server and you might not always know IP addresses
of these users, you can enable AAA to allow only authenticated and/or authorized users to connect
through the adaptive security appliance. (The Telnet server enforces authentication, too; the adaptive
security appliance prevents unauthorized users from attempting to access the server.)
You can use authentication alone or with authorization and accounting. Authorization always requires a
user to be authenticated first. You can use accounting alone, or with authentication and authorization.
This section includes the following topics:
• About Authentication, page 31-2
• About Authorization, page 31-2
• About Accounting, page 31-3
To Next Page
Loading...
Need help?
General
