Filter
Top Products
15-26
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 15 Managing Firewall AAA Rules
AAA Firewall Settings Policies
General Tab
Authorization Server Groups The AAA server group policy objects that identify the LDAP,
TACACS+, or RADIUS servers that will provide per-user authorization
control. You can also use the LOCAL user database defined on the
device.
Enter the names of the server group objects, or click Select to select
them from a list or to create new objects. Ensure that you put the groups
in priority order; authorization is attempted with the first group and if
that group is not available, with subsequent groups.
Accounting Server Groups
Use Broadcast for
Accounting
The AAA server group policy objects that identify the LDAP,
TACACS+, or RADIUS servers that will provide accounting services.
Accounting collects per-user usage information for billing, security, or
resource allocation purposes. Enter the names of the server group
objects, or click Select to select them from a list or to create new
objects.
Ensure that you put the groups in priority order; if you do not select the
broadcast option, accounting is attempted with the first group and if
that group is not available, with subsequent groups.
If you select Use Broadcast for Accounting, accounting records are
sent simultaneously to the first server in each group. If the first server
is unavailable, failover occurs using the backup servers defined within
that group.
Accounting Notice The types of accounting notices to be sent to the accounting server
groups:
• Start-stop—Sends a start accounting notice at the beginning of a
user process and a stop accounting notice at the end of the process.
The start accounting record is sent in the background. The
requested user process begins regardless of whether the start
accounting notice was received by the accounting server.
• Stop-only—Sends a stop accounting notice at the end of the
requested user process.
• None—No accounting records are sent.
HTTP Banner
FTP Banner
Telnet Banner
The banner you want to present on the authentication proxy page to the
user when the user is prompted to authenticate for the specified service:
• Disable Banner Text—No banner is displayed.
• Use Default Banner Text—Displays the default banner “Cisco
Systems, router hostname Authentication.”
• Use Custom Banner Text—Enter the text you want to present to the
user.
Table 15-8 AAA Firewall Settings Policy (Continued)
Element Description