The privilege command is used to assign a specific command to a specific privilege level.
During the Cisco Secure ACS install, you are prompted for an NAS IP address called access server name . This is the IP address of the PIX firewall.
The cut-through proxy enables you to control standard ports for HTTP, FTP, and Telnet services through the PIX firewall.
Virtual HTTP is used to prevent caching problems with Web browsers.
Virtual Telnet can be used when nonstandard port access is needed. HTTP, FTP, and Telnet are the standard ports.
Named ACLs are shared among several users and are downloaded only once during authentication. Unnamed ACLs are not shared and are downloaded during authentication.
Downloadable ACL can be performed only with RADIUS protocol, not TACACS+.
AAA stands for authentication, authorization, and accounting. You cannot have authorization without successful authentication first.
TACACS+ uses TCP for connections between AAA servers and clients , whereas RADIUS uses UDP connections.
The AAA command parameter local specifies the use of the local database for usernames and passwords.
The aaa-server command specifies the location of the AAA services: local, RADIUS, or TACACS+.
When users fail authentication, their basic connections are dropped.
