Cisco Systems OL-16647-01 Network Router User Manual
Cisco ASDM User Guide, OL-16647-01, page 23-9
Chapter 23 Applying AAA for Network Access
Configuring the Authentication Proxy Limit
You can manually configure the uauth session limit by setting the maximum number of concurrent proxy connections allowed per user.
To set the proxy limit, perform the following steps:
Step 1 From the Configuration > Firewall > AAA Rules pane, click Advanced.
The AAA Rules Advanced Options dialog box appears.
Step 2 In the Proxy Limit area, check Enable Proxy Limit.
Step 3 In the Proxy Limit field, enter the number of concurrent proxy connections allowed per user, from 1 to 128.
Step 4 Click OK, and then click Apply.
Configuring Authorization for Network Access
After a user authenticates for a given connection, the security appliance can use authorization to further control traffic from the user.
This section includes the following topics:
Configuring TACACS+ Authorization, page 23-9
Configuring RADIUS Authorization, page 23-10
Configuring TACACS+ Authorization
You can configure the security appliance to perform network access authorization with TACACS+. Authentication and authorization rules are independent; however, any unauthenticated traffic matched by an authorization rule will be denied. For authorization to succeed:
1. A user must first authenticate with the security appliance.
Because a user at a given IP address only needs to authenticate one time for all rules and types, if the authentication session hasn't expired, authorization can occur even if the traffic is not matched by an authentication rule.
2. After a user authenticates, the security appliance checks the authorization rules for matching traffic.
3. If the traffic matches the authorization rule, the security appliance sends the username to the TACACS+ server.
4. The TACACS+ server responds to the security appliance with a permit or a deny for that traffic, based on the user profile.
5. The security appliance enforces the authorization rule in the response.
See the documentation for your TACACS+ server for information about configuring network access authorizations for a user.
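The following is an added example, not code from the ASDM guide or the security appliance: a small Python model of the decision sequence above (steps 1 to 5) together with the per-user proxy limit from the previous subsection. The authorization rule, the TACACS+ server's answer, the 300-second session timeout and the port-based rule are all constructed assumptions so the model runs offline; authentication rules and access lists are outside the model.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

@dataclass
class Flow:
    src_ip: str     # address the user authenticated from
    dst_port: int   # constructed field, used only by the sample rule in demo()

@dataclass
class AuthzModel:
    # Rule and TACACS+ answer are injected callables (assumed); on the appliance they come
    # from the ASDM AAA rules and the server's user profile.
    authz_rule: Callable[[Flow], bool]          # does the traffic match an authorization rule?
    tacacs_permit: Callable[[str, Flow], bool]  # TACACS+ permit/deny for (username, traffic)
    uauth_timeout: float = 300.0  # seconds a uauth session stays valid (assumed value)
    proxy_limit: int = 16         # concurrent proxy connections per user, 1..128 per the guide
    sessions: Dict[str, Tuple[str, float]] = field(default_factory=dict)  # ip -> (user, time)
    proxy_conns: Dict[str, int] = field(default_factory=dict)             # user -> open count
    def __post_init__(self) -> None:
        if not 1 <= self.proxy_limit <= 128:
            raise ValueError("proxy limit must be between 1 and 128")
    def authenticate(self, src_ip: str, user: str, now: float) -> None:
        self.sessions[src_ip] = (user, now)  # one login per IP covers all rules and types
    def open_proxy(self, user: str) -> bool:
        # Enforce the per-user limit from "Configuring the Authentication Proxy Limit".
        if self.proxy_conns.get(user, 0) >= self.proxy_limit:
            return False
        self.proxy_conns[user] = self.proxy_conns.get(user, 0) + 1
        return True
    def decide(self, flow: Flow, now: float) -> str:
        if not self.authz_rule(flow):
            return "not-authorization-checked"  # step 2: no rule matched, server not consulted
        sess = self.sessions.get(flow.src_ip)
        if sess is None or now - sess[1] > self.uauth_timeout:
            return "deny"  # unauthenticated (or expired) traffic matched by an authz rule is denied
        user, _ = sess     # steps 3-5: username goes to TACACS+, its verdict is enforced
        return "permit" if self.tacacs_permit(user, flow) else "deny"

def demo() -> Dict[str, object]:
    # Constructed scenario: only port-23 traffic needs authorization; alice's profile permits it.
    m = AuthzModel(authz_rule=lambda f: f.dst_port == 23,
                   tacacs_permit=lambda user, f: user == "alice", proxy_limit=2)
    m.authenticate("192.0.2.10", "alice", now=100.0)
    m.authenticate("192.0.2.11", "bob", now=100.0)
    return {"alice": m.decide(Flow("192.0.2.10", 23), now=110.0),
            "bob": m.decide(Flow("192.0.2.11", 23), now=110.0),
            "unauth": m.decide(Flow("192.0.2.12", 23), now=110.0),
            "unauth_other": m.decide(Flow("192.0.2.12", 80), now=110.0),
            "alice_expired": m.decide(Flow("192.0.2.10", 23), now=1000.0),
            "proxy": [m.open_proxy("alice") for _ in range(3)]}
```

Running demo() shows the point the guide stresses: a host that never authenticated is denied as soon as its traffic matches an authorization rule, while its traffic that matches no authorization rule is never sent to the server.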