CHAPTER
19-1
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
19
Applying AAA for Network Access
This chapter describes how to enable AAA (pronounced “triple A”) for network access.
For information about AAA for management access, see the “Configuring AAA for System
Administrators” section on page 40-4.
This chapter contains the following sections:
• AAA Performance, page 19-1
• Configuring Authentication for Network Access, page 19-1
• Configuring Authorization for Network Access, page 19-5
• Configuring Accounting for Network Access, page 19-12
• Using MAC Addresses to Exempt Traffic from Authentication and Authorization, page 19-13
AAA Performance
The security appliance uses “cut-through proxy” to significantly improve performance compared to a
traditional proxy server. The performance of a traditional proxy server suffers because it analyzes every
packet at the application layer of the OSI model. The security appliance cut-through proxy challenges a
user initially at the application layer and then authenticates against standard AAA servers or the local
database. After the security appliance authenticates the user, it shifts the session flow, and all traffic
flows directly and quickly between the source and destination while maintaining session state
information.
Configuring Authentication for Network Access
This section includes the following topics:
• Authentication Overview, page 19-2
• Enabling Network Access Authentication, page 19-3
• Enabling Secure Authentication of Web Clients, page 19-5
To Next Page
Loading...
