Configuring AAA Servers and the Local Database, Information About AAA – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 35: Configuring AAA Servers and the Local Database

This chapter describes support for authentication, authorization, and accounting (AAA, pronounced
“triple A”), and how to configure AAA servers and the local database.

The chapter includes the following sections:

Information About AAA

Licensing Requirements for AAA Servers

Guidelines and Limitations

Configuring AAA

Monitoring AAA Servers

Additional References

Feature History for AAA Servers

Information About AAA

AAA enables the ASA to determine who the user is (authentication), what the user can do
(authorization), and what the user did (accounting).

AAA provides an extra level of protection and control for user access beyond what access lists alone
provide. For example, you can create an access list allowing all outside users to access Telnet on a
server on the DMZ network. If you want only some users to access the server, and you might not always
know the IP addresses of these users, you can enable AAA to allow only authenticated and/or authorized
users to connect through the ASA. (The Telnet server enforces authentication, too; the ASA prevents
unauthorized users from attempting to access the server.)

You can use authentication alone or with authorization and accounting. Authorization always requires a
user to be authenticated first. You can use accounting alone, or with authentication and authorization.
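
The Telnet scenario above, and the way authentication, authorization, and accounting combine, shown as ASA CLI configuration. This is an added example, not taken from the Cisco guide; the access list names, the server group name, the interface names, the addresses (documentation and private ranges), and the key placeholder are all assumptions.

```cisco
! Added example; names, addresses and the key are placeholders.
! Access list applied to the outside interface: any outside host may reach
! Telnet on the DMZ server (192.0.2.10 is a documentation address).
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq telnet
access-group OUTSIDE_IN in interface outside
!
! Separate access list used only to select the traffic the AAA rules apply to.
access-list TELNET_AAA extended permit tcp any host 192.0.2.10 eq telnet
!
! TACACS+ server group reachable through the inside interface.
aaa-server TACACS_GRP protocol tacacs+
aaa-server TACACS_GRP (inside) host 10.1.1.1
 key <shared-secret>
!
! Authentication alone: the ASA passes the Telnet connection only after the
! user has authenticated, whatever source address the user connects from.
aaa authentication match TELNET_AAA outside TACACS_GRP
!
! Optional additions. The authorization rule depends on the authentication
! rule above; network access authorization rules use a TACACS+ server group.
aaa authorization match TELNET_AAA outside TACACS_GRP
aaa accounting match TELNET_AAA outside TACACS_GRP
```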

This section includes the following topics:

Information About Authentication

Information About Authorization

Information About Accounting

Summary of Server Support

RADIUS Server Support

TACACS+ Server Support
