Cisco Systems OL-9971-01 manual Adding AAA Servers

Chapter 3 Network Configuration

Configuring AAA Servers

Log Update/Watchdog Packets from this remote AAA Server—Enables logging of update or watchdog packets from AAA clients that are forwarded by the remote AAA server to this ACS. Watchdog packets are interim packets that are sent periodically during a session. They provide you with an approximate session length if the AAA client fails and, therefore, no stop packet is received to mark the end of the session.

AAA Server Type—One of the following types:

RADIUS—Select this option if the remote AAA server is configured by using any type of RADIUS protocol.

TACACS+—Select this option if the remote AAA server is configured by using the TACACS+ protocol.

ACS—Select this option if the remote AAA server is another ACS. This action enables you to configure features that are only available with other ACSs, such as ACS internal database replication and remote logging.

Traffic Type—The Traffic Type list defines the direction in which traffic to and from the remote AAA server is permitted to flow from this ACS. The list includes:

Inbound—The remote AAA server accepts requests that have been forwarded to it and does not forward the requests to another AAA server. Select this option if you do not want to permit any authentication requests to be forwarded from the remote AAA server.

Outbound—The remote AAA server sends out authentication requests but does not receive them. If a Proxy Distribution Table entry is configured to proxy authentication requests to the AAA server that is configured for Outbound, the authentication request is not sent.

Inbound/Outbound—The remote AAA server forwards and accepts authentication requests, allowing the selected server to handle authentication requests in any manner that is defined in the distribution tables.

AAA Server RADIUS Authentication Port—Specify the port on which the AAA server accepts authentication requests. The standard port is 1812, and another commonly used port is 1645. If you select TACACS+ in the AAA Server Type field, this RADIUS Authentication Port field is dimmed.

AAA Server RADIUS Accounting Port—Specify the port on which the AAA server accepts accounting information. The standard port is 1813, and another commonly used port is 1646. If you select TACACS+ in the AAA Server Type field, this RADIUS Accounting Port field is dimmed.
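
The following added example (not part of the Cisco guide) shows how the update or watchdog records described under Log Update/Watchdog Packets bound a session's length when no stop packet arrives. The comma-separated record layout, timestamps, and session IDs are constructed for illustration; the status names follow the RADIUS Acct-Status-Type values Start, Interim-Update, and Stop.

```python
from datetime import datetime

# Constructed sample accounting records (not real ACS log output):
# timestamp, Acct-Session-Id, Acct-Status-Type
SAMPLE = """\
2024-05-01T09:00:00,sess-001,Start
2024-05-01T09:05:00,sess-001,Interim-Update
2024-05-01T09:10:00,sess-001,Interim-Update
2024-05-01T09:12:30,sess-001,Stop
2024-05-01T09:01:00,sess-002,Start
2024-05-01T09:06:00,sess-002,Interim-Update
2024-05-01T09:11:00,sess-002,Interim-Update
2024-05-01T09:02:00,sess-003,Start
"""

def summarize_sessions(text):
    """Return {session_id: (seconds, basis)}.

    basis is 'stop' when a stop record closed the session (exact length),
    'watchdog' when only update packets bound it (approximate lower bound),
    and 'unknown' when no usable start/end pair was logged.
    """
    sessions = {}
    for line in text.strip().splitlines():
        stamp, sid, status = (f.strip() for f in line.split(","))
        when = datetime.fromisoformat(stamp)
        s = sessions.setdefault(sid, {"start": None, "update": None, "stop": None})
        if status == "Start":
            s["start"] = when
        elif status == "Interim-Update":
            # Keep the latest watchdog seen, regardless of arrival order.
            if s["update"] is None or when > s["update"]:
                s["update"] = when
        elif status == "Stop":
            s["stop"] = when
    result = {}
    for sid, s in sessions.items():
        end, basis = (s["stop"], "stop") if s["stop"] else (s["update"], "watchdog")
        if s["start"] is None or end is None:
            result[sid] = (None, "unknown")
        else:
            result[sid] = (int((end - s["start"]).total_seconds()), basis)
    return result

if __name__ == "__main__":
    for sid, (secs, basis) in summarize_sessions(SAMPLE).items():
        print(sid, secs, basis)
```

Sessions reported with the basis `watchdog` are the ones to review after an AAA client failure: the length shown is measured to the last update received, so the real session may have run up to one update interval longer.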

Adding AAA Servers

Before You Begin

For descriptions of the options that are available while adding a remote AAA server configuration, see AAA Server Configuration Options, page 3-15.

For ACS to provide AAA services to a remote AAA server, you must ensure that gateway devices between the remote AAA server and ACS permit communication over the ports that support the applicable AAA protocol (RADIUS or TACACS+). For information about ports that AAA protocols use, see AAA Protocols—TACACS+ and RADIUS, page 1-3.

To add and configure AAA servers:

Step 1 In the navigation bar, click Network Configuration.

The Network Configuration page opens.

User Guide for Cisco Secure Access Control Server
