Troubleshooting guide

Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Planning Your WAAS Network
Note: IP ACLs that are applied on interfaces, and WCCP ACLs, always take precedence over any interception
ACLs and WAAS application definitions that have been defined on the WAE.
Interception ACLs on WAEs
You can configure an interception ACL to control what incoming traffic across all interfaces is to be
intercepted by a WAE device. Packets that are permitted by the ACL are intercepted by the WAE and
packets that are denied by the ACL are passed through the WAE without processing. By configuring
interception ACLs on the WAE, you can control traffic interception without modifying the router
configuration.
An interception ACL can be used both with WCCP and inline interception.
Interception ACLs that are defined on a WAE always take precedence over any WAAS application
definitions that have been defined on the WAE, but they are applied after interface ACLs and WCCP
ACLs.
For information about how to configure an interception ACL for a WAE, see the “Configuring
Interception Access Control Lists” section on page 1-28.
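The precedence order described above, modeled as an added Python example (not part of the Cisco guide and not WAAS code). The names Rule, acl_permits, wae_decision and decide, the addresses and the application labels are constructed; the outcome of an interface or WCCP ACL deny and the implicit deny at the end of a configured ACL are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:                      # hypothetical model of one ACL entry
    action: str                  # "permit" or "deny"
    src: str                     # source network (CIDR)
    dst: str                     # destination network (CIDR)
    dport: Optional[int] = None  # TCP destination port; None = any

    def matches(self, src, dst, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, dport))

def acl_permits(acl, src, dst, dport):
    """First match wins. None means no ACL configured (everything permitted);
    a configured ACL ends in an implicit deny (assumption)."""
    if acl is None:
        return True
    for rule in acl:
        if rule.matches(src, dst, dport):
            return rule.action == "permit"
    return False

def wae_decision(pkt, interface_acl, wccp_acl, interception_acl, app_defs):
    """Evaluate the stages in the precedence order the guide states."""
    if not acl_permits(interface_acl, *pkt):
        return "dropped by interface ACL"      # assumed outcome of a deny
    if not acl_permits(wccp_acl, *pkt):
        return "not accepted by WCCP ACL"      # assumed outcome of a deny
    if not acl_permits(interception_acl, *pkt):
        return "pass-through"                  # denied: WAE does not process
    return "intercepted: " + app_defs.get(pkt[2], "default")

ANY = "0.0.0.0/0"  # constructed sample configuration follows
INTERFACE_ACL = [Rule("deny", "10.66.0.0/16", ANY), Rule("permit", ANY, ANY)]
INTERCEPTION_ACL = [Rule("permit", ANY, "198.51.100.0/24", 80),
                    Rule("permit", ANY, "198.51.100.0/24", 445)]
APP_DEFS = {80: "Web", 445: "File-Services", 22: "SSH"}  # hypothetical labels

def decide(src, dst, dport):
    return wae_decision((src, dst, dport), INTERFACE_ACL, None,
                        INTERCEPTION_ACL, APP_DEFS)

if __name__ == "__main__":
    for p in [("10.1.1.5", 80), ("10.1.1.5", 22), ("10.66.0.9", 80)]:
        print(p, "->", decide(p[0], "198.51.100.10", p[1]))
```

In this model, port 22 traffic is passed through even though an application definition exists for it, and a permit in the interception ACL does not bring back traffic that the interface ACL already denied.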
WAAS Login Authentication and Authorization
In the WAAS network, administrative login authentication and authorization are used to control login
requests from administrators who want to access a WAAS device for configuring, monitoring, or
troubleshooting purposes.
Login authentication is the process by which WAAS devices verify whether the administrator who is
attempting to log in to the device has a valid username and password. The administrator who is logging
in must have a user account registered with the device. User account information serves to authorize the
user for administrative login and configuration privileges. The user account information is stored in an
AAA database, and the WAAS devices must be configured to access the particular authentication server
(or servers) where the AAA database is located. When the user attempts to log in to a device, the device
compares the person’s username, password, and privilege level to the user account information that is
stored in the database.
The WAAS software provides the following authentication, authorization, and accounting (AAA)
support for users who have external access servers (for example, RADIUS, TACACS+, or Windows
domain servers), and for users who need a local access database with AAA features:
• Authentication (or login authentication) is the action of determining who the user is. It checks the
  username and password.
• Authorization (or configuration) is the action of determining what a user is allowed to do. It permits
  or denies privileges for authenticated users in the network. Generally, authentication precedes
  authorization. Both authentication and authorization are required for a user login.
• Accounting is the action of keeping track of administrative user activities for system accounting
  purposes. In the WAAS software, AAA accounting through TACACS+ is supported.
For more information, see the “Configuring AAA Accounting for WAAS Devices” section on page 1-31.