Aaa Performance - Cisco FirePOWER ASA 5500 series Configuration Manual

Applying AAA for Network Access
This chapter describes how to enable AAA (pronounced "triple A") for network access.
For information about AAA for management access, see the
Administrators" section on page
This chapter contains the following sections:
•
•
•
•
•

AAA Performance

The security appliance uses "cut-through proxy" to significantly improve performance compared to a
traditional proxy server. The performance of a traditional proxy server suffers because it analyzes every
packet at the application layer of the OSI model. The security appliance cut-through proxy challenges a
user initially at the application layer and then authenticates against standard AAA servers or the local
database. After the security appliance authenticates the user, it shifts the session flow, and all traffic
flows directly and quickly between the source and destination while maintaining session state
information.
Configuring Authentication for Network Access
This section includes the following topics:
•
•
•
OL-10088-01
AAA Performance, page 19-1
Configuring Authentication for Network Access, page 19-1
Configuring Authorization for Network Access, page 19-5
Configuring Accounting for Network Access, page 19-12
Using MAC Addresses to Exempt Traffic from Authentication and Authorization, page 19-13
Authentication Overview, page 19-2
Enabling Network Access Authentication, page 19-3
Enabling Secure Authentication of Web Clients, page 19-5
40-4.
Cisco Security Appliance Command Line Configuration Guide
C H A P T E R
"Configuring AAA for System
19
19-1