Troubleshooting guide

ManualsBrandsCisco ManualsComputer equipmentWide Area Virtualization Engine 274

201

202

203

204

205

206

207

208

209

210

1-2

Cisco Wide Area Application Services Configuration Guide

OL-26579-01

Chapter 1 Configuring Administrative Login Authentication, Authorization, and Accounting

About Administrative Login Authentication and Authorization

The WAAS software provides the following authentication, authorization, and accounting (AAA)

support for users who have external access servers (for example, RADIUS or TACACS+ servers), and

for users who need a local access database with AAA features:

• Authentication (or login authentication) is the action of determining who the user is. It checks the

username and password.

• Authorization (or configuration) is the action of determining what a user is allowed to do. It permits

or denies privileges for authenticated users in the network. Generally, authentication precedes

authorization. Both authentication and authorization are required for a user log in.

• Accounting is the action of keeping track of administrative user activities for system accounting

purposes. In the WAAS software, AAA accounting through TACACS+ is supported. For more

information, see the “Configuring AAA Accounting for WAAS Devices” section on page 1-31.

Note An administrator can log in to the WAAS Central Manager device through the console port

or the WAAS Central Manager GUI. An administrator can log in to a WAAS device that is

functioning as a data center or branch WAE through the console port or the WAE Device

Manager GUI.

When the system administrator logs in to a WAAS device before authentication and authorization have

been configured, the administrator can access the WAAS device by using the predefined superuser

account (the predefined username is admin and the predefined password is default). When you log in to

a WAAS device using this predefined superuser account, you are granted access to all the WAAS services

and entities in the WAAS system.

Note Each WAAS device must have one administrator account with the username admin. You cannot change

the username of the predefined superuser account. The predefined superuser account must have the

username admin.

After you have initially configured your WAAS devices, we strongly recommend that you immediately

change the password for the predefined superuser account (the predefined username is admin, the

password is default, and the privilege level is superuser, privilege level 15) on each WAAS device.

For instructions on using the WAAS Central Manager GUI to change the password for the predefined

superuser account, see the “Changing the Password for Your Own Account” section on page 1-6.

Figure 1-1 shows how an administrator can log in to a WAE through the console port or the WAAS GUIs

(the WAAS Central Manager GUI or the WAE Device Manager GUI). When the WAAS device receives

an administrative login request, the WAE can check its local database or a remote third-party database

(TACACS+, RADIUS, or Windows domain database) to verify the username with the password and to

determine the access privileges of the administrator.