Configuring AAA Rules for Network Access, AAA Performance, Licensing Requirements for AAA Rules – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 38: Configuring AAA Rules for Network Access

This chapter describes how to enable AAA (pronounced “triple A”) for network access.

For information about AAA for management access, see the “Configuring AAA for System Administrators” section on page 37-13.

This chapter includes the following sections:

AAA Performance
Licensing Requirements for AAA Rules
Guidelines and Limitations
Configuring Authentication for Network Access
Configuring Authorization for Network Access
Configuring Accounting for Network Access
Using MAC Addresses to Exempt Traffic from Authentication and Authorization
Feature History for AAA Rules

AAA Performance

The ASA uses “cut-through proxy” to significantly improve performance compared to a traditional
proxy server. The performance of a traditional proxy server suffers because it analyzes every packet at
the application layer of the OSI model. The ASA cut-through proxy challenges a user initially at the
application layer and then authenticates with standard AAA servers or the local database. After the ASA
authenticates the user, it shifts the session flow, and all traffic flows directly and quickly between the
source and destination while maintaining session state information.
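
The cut-through proxy flow described above, as an added ASA CLI configuration example that is not taken from this guide page. The server group name AUTH_SERVERS, the ACL name NET_AUTH, the address 192.0.2.10 and the key are constructed placeholders.

```cisco
! Added example; all names, addresses and the key are constructed placeholders.
!
! 1. Define the AAA server group the ASA authenticates users against,
!    and one server reachable through the inside interface.
aaa-server AUTH_SERVERS protocol radius
aaa-server AUTH_SERVERS (inside) host 192.0.2.10
 key <shared-secret-placeholder>
!
! 2. Select the connections that trigger the application-layer challenge.
!    Only traffic matching a permit entry is subject to authentication.
access-list NET_AUTH extended permit tcp any any eq www
access-list NET_AUTH extended permit tcp any any eq telnet
!
! 3. Bind the ACL to the interface where users enter and to the server group.
!    The first matching connection is challenged; after a successful login
!    the flow is forwarded directly while session state is maintained.
aaa authentication match NET_AUTH inside AUTH_SERVERS
!
! 4. Bound how long a successful authentication stays cached for a source
!    address before the user is challenged again.
timeout uauth 0:05:00 absolute
!
! 5. Verify: list currently authenticated users, and clear the cache to
!    force re-authentication after a policy or account change.
show uauth
clear uauth
```

The authentication cache is keyed on the source IP address, so hosts that share an address (for example behind NAT) are covered by a single successful login; keep the `timeout uauth` value short where that matters.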

Licensing Requirements for AAA Rules

The following table shows the licensing requirements for this feature:

Model        License Requirement
All models   Base License.
