Instruction/ maintenance manual of the product OL-12180-01 Cisco Systems
Go to page of 24
CHAPTER 12-1 ASDM User Guide OL-12180-01 12 Configuring AAA Servers and User Accounts This chapter describes support for AAA ( pronounced “triple A”) and ho w to conf igure AAA servers and the local database.
12-2 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts AAA Server and Local Database Support • All administrativ e connections to the security appliance including the .
12-3 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts AAA Server and Local Database Support • RADIUS Server Support, page 12-3 • T ACA CS+ Server Support, page 12-4.
12-4 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts AAA Server and Local Database Support This section contains the following topics: • Authentication Methods, page.
12-5 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts AAA Server and Local Database Support • T wo-step Authentication Process, page 12-5 • SDI Primary and Replica Servers, page 12-5 SDI Version Support The security appliance supports SDI V ersion 5.
12-6 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts AAA Server and Local Database Support LDAP Server Support This section describes using an LD AP directory with the security appliance for user authentication and VPN authorization.
12-7 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Configuring the Local Database User Profiles User prof iles contain, at a minimum, a username. T ypically , a password is assigned to each username, although passwords are optional.
12-8 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Configuring the Local Database User Accounts The User Accounts pane lets you manage the local user database.
12-9 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Configuring the Local Database • VPN Group Lock—Specif ies what, if any , group lock policy is in effect for this user . Not av ailable in multimode. • Add—Displays the Add User Account dialog box.
12-10 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Configuring the Local Database Pri vilege Le vel—Selects the privile ge level for this user to use with local command authorization. The range is 0 (lowest) to 15 (highest).
12-11 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Configuring the Local Database L2TP ov er IPSec—Allows remote users with VPN clients provided with se veral com.
12-12 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Identifying AAA Server Groups and Servers – Subnet Mask list—Specif ies the subnet mask for the Dedicated IP address. Check the Group Lock check box to restrict users to remote access through this group only .
12-13 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Identifying AAA Server Groups and Servers If AAA accounting is in ef fect, the accounting information goes only to the activ e server , unless you have conf igured simultaneous accounting.
12-14 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Identifying AAA Server Groups and Servers • Delete—Remov es the selected AAA server from the list. • Mov e up—Moves the selected AAA server up in the AAA sequence.
12-15 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Identifying AAA Server Groups and Servers Modes The following table sho ws the modes in which this feature is av .
12-16 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Identifying AAA Server Groups and Servers • Server Name or IP Address—Specif ies the name or IP address of the AAA server . • T imeout—Specif ies the timeout interval, in seconds.
12-17 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Identifying AAA Server Groups and Servers If you choose Detect Automatically , the security appliance attempts to determine the type of netmask expression used.
12-18 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Identifying AAA Server Groups and Servers – Naming Attribute(s)—Specif ies the Relativ e Distinguished Name attribute (or attributes) that uniquely identif ies an entry on the LD AP server .
12-19 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Identifying AAA Server Groups and Servers – Start URL—Specif ies the complete URL of the authenticating web server location where a pre-login cookie can be retriev ed.
12-20 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Configuring an Authentication Prompt Ti p Checking for basic network connecti vity to the AAA server may sav e you time in troubleshooting. T o test basic connecti vity , click T ools > Ping.
12-21 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Configuring an LDAP Attribute Map Note Microsoft Internet Explorer displays up to 37 characters in an authentication prompt. Netscape Navigator displays up to 120 characters, and T elnet and FTP display up to 235 characters in an authentication prompt.
12-22 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Configuring an LDAP Attribute Map Fields • Name—Displays the names of the LD AP attribute maps a vailable for editing. • Attribute Map Name—Displays the mappings of customer attrib ute names to Cisco attribute names within each attribute map.
12-23 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Configuring an LDAP Attribute Map Fields • Name—Specif ies the name of the LD AP attribute map you are adding or editing. If you are adding a ne w map, you enter the name of the map in this f ield.
12-24 ASDM User Guide OL-12180-01 Chapter 12 Configuring AAA Servers and User Accounts Configuring an LDAP Attribute Map • Customer V alue—Specif ies a customer value for the selected customer attribute. • Cisco V alue—Specif ies the Cisco value for the selected customer attribute.
An important point after buying a device Cisco Systems OL-12180-01 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Cisco Systems OL-12180-01 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Cisco Systems OL-12180-01 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Cisco Systems OL-12180-01 you will learn all the available features of the product, as well as information on its operation. The information that you get Cisco Systems OL-12180-01 will certainly help you make a decision on the purchase.
If you already are a holder of Cisco Systems OL-12180-01, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Cisco Systems OL-12180-01.
However, one of the most important roles played by the user manual is to help in solving problems with Cisco Systems OL-12180-01. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Cisco Systems OL-12180-01 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
