506e Allow telnet into PIX from outside/internet
18 years 10 months ago #11085
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: 506e Allow telnet into PIX from outside/internet
For those who are unaware, the 'aaa' stands for Authentication-Authorisation-Accounting. A model developed to track users, what they can do, and log everything into a database for reference.
AAA is supported by all PIX firewalls, routers and switches and allow the creation of a 'central' database which contains all users and their passwords, along with their privileges for each system.
The service uses Cisco's TACACS or a RADIUS server which provides the necessary support for all this to function. Our Cisco lab is also built on a similar infustracture
The 'aaa authentication...' command tells the pix firewall to use the local database to verify credentials for incoming services such as ssh or console.
The 'aaa-server' command refers to the local 'aaa' server database which contains all usernames and password stored on the pix, but I'm not sure if this command is really required.
Cheers,
AAA is supported by all PIX firewalls, routers and switches and allow the creation of a 'central' database which contains all users and their passwords, along with their privileges for each system.
The service uses Cisco's TACACS or a RADIUS server which provides the necessary support for all this to function. Our Cisco lab is also built on a similar infustracture
The 'aaa authentication...' command tells the pix firewall to use the local database to verify credentials for incoming services such as ssh or console.
The 'aaa-server' command refers to the local 'aaa' server database which contains all usernames and password stored on the pix, but I'm not sure if this command is really required.
Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Time to create page: 0.116 seconds