Filter
Top Products
12-13
ASDM User Guide
OL-12180-01
Chapter 12 Configuring AAA Servers and User Accounts
Identifying AAA Server Groups and Servers
If AAA accounting is in effect, the accounting information goes only to the active server, unless you have
configured simultaneous accounting.
For an overview of AAA services, see the “AAA Overview” section on page 12-1.
Fields
The fields in the AAA Server Groups pane are grouped into two main areas: the AAA Server Groups
area and the Servers In The Selected Group area. The AAA Server Groups area lets you configure AAA
server groups and the protocols the security appliance uses to communicate with the servers listed in
each group.
Note Double-clicking any of the rows in the AAA Server Groups table opens the Edit AAA Server Group
dialog box, in which you can modify the AAA Server Group parameters. These changes are immediately
reflected in the table, but you must click Apply to save them to the configuration.
Clicking a column head sorts the table rows in alphanumeric order according to the contents of that
column.
• Server Group—Display only. Shows the symbolic name of the selected server group.
• Protocol—Display only. Lists the AAA protocol that servers in the group support.
• Accounting Mode—Display only. Shows either simultaneous or single mode accounting. In single
mode, the security appliance sends accounting data to only one server. In simultaneous mode, the
security appliance sends accounting data to all servers in the group.
• Reactivation Mode—Display only. Shows the method by which failed servers are reactivated:
Depletion or Timed reactivation mode. In Depletion mode, failed servers are reactivated only after
all of the servers in the group are inactive. In Timed mode, failed servers are reactivated after 30
seconds of down time.
• Dead Time—Display only. Shows the number of minutes that will elapse between the disabling of
the last server in the group and the subsequent reenabling of all servers. This parameter applies only
in depletion mode.
• Max Failed Attempts—Display only. Shows the number of failed connection attempts allowed
before declaring a nonresponsive server inactive.
• Add—Displays the Add AAA Server Group dialog box.
• Edit—Displays the Edit AAA Server Group dialog box, or, if you have selected LOCAL as the
server group, displays the Edit AAA Local Server Group dialog box.
• Delete—Removes the currently selected server group entry from the server group table. There is no
confirmation or undo.
The Servers In Selected Group area, the second area of the AAA Server Groups pane, lets you add and
configure AAA servers for existing AAA server groups. The servers can be RADIUS, TACACS+, NT,
SDI, Kerberos, LDAP, or HTTP-form servers.
• Server Name or IP Address—Display only. Shows the name or IP address of the AAA server.
• Interface—Display only. Shows the network interface where the authentication server resides.
• Timeout—Display only. Shows the timeout interval, in seconds. This is the time after which the
security appliance gives up on the request to the primary AAA server. If there is a standby AAA
server, the security appliance sends the request to the backup server.
• Add/Edit—Displays the Add/Edit AAA Server dialog box.