Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide, OL-16647-01
Chapter 23: Applying AAA for Network Access
This chapter describes how to enable AAA (pronounced “triple A”) for network access.
For information about AAA for management access, see the “Configuring AAA for System
Administrators” section on page 16-20.
This chapter includes the following sections:
AAA Performance, page 23-1
Configuring Authentication for Network Access, page 23-1
Configuring Authorization for Network Access, page 23-9
Configuring Accounting for Network Access, page 23-15
Using MAC Addresses to Exempt Traffic from Authentication and Authorization, page 23-16
AAA Performance
The security appliance uses “cut-through proxy” to significantly improve performance compared to a
traditional proxy server. The performance of a traditional proxy server suffers because it analyzes every
packet at the application layer of the OSI model. The security appliance cut-through proxy challenges a
user initially at the application layer and then authenticates against standard AAA servers or the local
database. After the security appliance authenticates the user, it shifts the session flow, and all traffic
flows directly and quickly between the source and destination while maintaining session state
information.
Configuring Authentication for Network Access
This section includes the following topics:
Information About Authentication, page 23-2
Configuring Network Access Authentication, page 23-4
Enabling the Redirection Method of Authentication for HTTP and HTTPS, page 23-5
Enabling Secure Authentication of Web Clients, page 23-5
Authenticating Directly with the Security Appliance, page 23-6
Configuring the Authentication Proxy Limit, page 23-9