AAA Overview
About Authentication
Authentication controls access by requiring valid user credentials, which are typically a username and
password. You can configure the FWSM to authenticate the following items:
• All administrative connections to the FWSM, including the following sessions:
  – Telnet
  – SSH
  – Serial console
  – ASDM (using HTTPS)
  – VPN management access
• The enable command
• Network access
About Authorization
Authorization controls access per user after users authenticate. You can configure the FWSM to
authorize the following items:
• Management commands
• Network access
• VPN access for management connections
Authorization controls the services and commands available to each authenticated user. If you do not
enable authorization, authentication alone provides the same access to services for all
authenticated users.
If you need the control that authorization provides, you can configure a broad authentication rule, and
then have a detailed authorization configuration. For example, you authenticate inside users who attempt
to access any server on the outside network and then limit the outside servers that a particular user can
access using authorization.
The FWSM caches the first 16 authorization requests per user, so if the user accesses the same services
during the current authentication session, the FWSM does not resend the request to the authorization
server.
About Accounting
Accounting tracks traffic that passes through the FWSM, enabling you to have a record of user activity.
If you enable authentication for that traffic, you can account for traffic per user. If you do not
authenticate the traffic, you can account for traffic per IP address. Accounting information includes
when sessions start and stop, username, the number of bytes that pass through the FWSM for the session,
the service used, and the duration of each session.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
Chapter 11
Configuring AAA Servers and the Local Database
OL-20748-01
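
The authorization cache described under About Authorization, modelled in Python as an added example (not Cisco code). The model assumes that a cache entry is one distinct service and that requests past the sixteenth are left uncached; the class and function names are hypothetical. It shows that the authorization server's log sees only part of a session's requests and that, in this model, a cached decision persists until the session ends.

```python
from collections import defaultdict

CACHE_LIMIT = 16  # from the page: first 16 authorization requests per user


class AuthzServer:
    """Stand-in for the external authorization server; logs every query it receives."""

    def __init__(self, policy):
        self.policy = policy   # {user: set of permitted services}
        self.log = []          # (user, service) pairs that actually reached the server

    def query(self, user, service):
        self.log.append((user, service))
        return service in self.policy.get(user, set())


class Firewall:
    """Assumed model: cache the first CACHE_LIMIT distinct requests per user for the
    life of the authentication session; requests beyond that are never cached."""

    def __init__(self, server):
        self.server = server
        self.cache = defaultdict(dict)   # user -> {service: decision}

    def authorize(self, user, service):
        cached = self.cache[user]
        if service in cached:
            return cached[service]       # answered locally, server is not asked
        decision = self.server.query(user, service)
        if len(cached) < CACHE_LIMIT:
            cached[service] = decision
        return decision

    def end_session(self, user):
        self.cache.pop(user, None)       # the cache lasts only for the session


def demo():
    """Constructed session: 20 services requested twice, then a mid-session revocation."""
    services = [f"tcp/{port}" for port in range(8000, 8020)]
    server = AuthzServer({"alice": set(services)})
    fw = Firewall(server)
    for _ in range(2):
        for svc in services:
            fw.authorize("alice", svc)
    seen = len(server.log)                      # 20 on first pass + 4 uncached repeats
    server.policy["alice"].discard("tcp/8000")  # server-side revocation
    stale = fw.authorize("alice", "tcp/8000")   # cached decision is still used
    fw.end_session("alice")
    fresh = fw.authorize("alice", "tcp/8000")   # new session asks the server again
    return {"requests": 40, "seen_by_server": seen, "stale": stale, "fresh": fresh}
```

Because cache hits never reach the server, per-user activity is better reconstructed from accounting records than from authorization server logs.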