Cisco Systems OL-9971-01 About ACS in Distributed Systems, AAA Servers in Distributed Systems


Chapter 3 Network Configuration

About ACS in Distributed Systems

Remote Agents (ACS Solution Engine)—This table lists each remote agent that is configured together with its IP address and available services. For more information about remote agents, see About Remote Agents, page 3-19.

Note: The Remote Agents table does not appear unless you have enabled the Distributed System Settings feature in Interface Configuration. If you are using NDGs, this table does not appear on the initial page, but is accessed through the Network Device Groups table. For more information about this interface configuration, see Displaying Advanced Options, page 2-5.

Network Device Groups—This table lists the name of each NDG that has been configured, and the number of AAA clients and AAA servers that are assigned to each NDG. If you are using NDGs, the AAA Clients table and AAA Servers table do not appear on the opening page. To configure AAA clients or AAA servers, you must click the name of the NDG to which the device is assigned. If the newly configured device is not assigned to an NDG, it belongs to the (Not Assigned) group.

This table appears only when you have configured the interface to use NDGs. For more information about this interface configuration, see Displaying Advanced Options, page 2-5.

Proxy Distribution Table—You can use the Proxy Distribution Table to configure proxy capabilities including domain stripping. For more information, see Configuring Proxy Distribution Tables, page 3-27.

This table appears only when you have configured the interface to enable Distributed Systems Settings. For more information about this interface configuration, see Displaying Advanced Options, page 2-5.

About ACS in Distributed Systems

These topics describe how ACS can be used in a distributed system.

AAA Servers in Distributed Systems, page 3-2

Default Distributed System Settings, page 3-3

AAA Servers in Distributed Systems

AAA server is the generic term for an access-control server (ACS), and the two terms are often used interchangeably. Multiple AAA servers can be configured to communicate with one another as primary, backup, client, or peer systems. You can, therefore, use powerful features such as:

Proxy

Fallback on failed connection

ACS internal database replication

Remote and centralized logging

You can configure AAA servers to determine who can access the network and what services are authorized for each user. The AAA server stores a profile containing authentication and authorization information for each user. Authentication information validates user identity, and authorization information determines what network services a user can use. A single AAA server can provide concurrent AAA services to many dial-up access servers, routers, and firewalls. Each network device can be configured to communicate with a AAA server. You can, therefore, centrally control dial-up access, and secure network devices from unauthorized access.

User Guide for Cisco Secure Access Control Server
