!---Enable the authentication, authorization, and accounting (AAA) access control model.
aaa new-model
!
!---Identify the Cisco Secure Authentication Control Server (ACS) as a member of a
!---AAA server group. In this example, the AAA server group is called "SJ."
aaa group server tacacs+ SJ
server 192.168.101.119
!
!---Enable AAA authentication at login and specify the authentication methods to try.
aaa authentication login default local group SJ none
!---Restrict user access to the network:
!---(a) Run authorization to determine if the user is allowed to run an EXEC shell.
!---(b) Enable authorization that applies specific security policies on a per-user basis.
!---You must use the "aaa authorization auth-proxy" command together with the
!---"ip auth-proxy <name>" command (later in this configuration). Together, these
!---commands set up the authorization policy to be retrieved by the firewall.
aaa authorization exec default group SJ none
aaa authorization auth-proxy default group SJ
!---Make sure that the same session ID is used for each AAA accounting service type
!---within a call.
aaa session-id common
.
.
.
!---Define a set of inspection rules. In this example, the set is called "myfw."
!---Include each protocol that you wa
aaa new-model
!
!---Identify the Cisco Secure Authentication Control Server (ACS) as a member of a
!---AAA server group. In this example, the AAA server group is called "SJ."
aaa group server tacacs+ SJ
server 192.168.101.119
!
!---Enable AAA authentication at login and specify the authentication methods to try.
aaa authentication login default local group SJ none
!---Restrict user access to the network:
!---(a) Run authorization to determine if the user is allowed to run an EXEC shell.
!---(b) Enable authorization that applies specific security policies on a per-user basis.
!---You must use the "aaa authorization auth-proxy" command together with the
!---"ip auth-proxy <name>" command (later in this configuration). Together, these
!---commands set up the authorization policy to be retrieved by the firewall.
aaa authorization exec default group SJ none
aaa authorization auth-proxy default group SJ
!---Make sure that the same session ID is used for each AAA accounting service type
!---within a call.
aaa session-id common
.
.
.
!---Define a set of inspection rules. In this example, the set is called "myfw."
!---Include each protocol that you wa