Cisco Systems OL-9971-01 manual Proxy in Distributed Systems, Default Distributed System Settings


Chapter 3 Network Configuration


These types of access control have unique authentication and authorization requirements. With ACS, system administrators can combine a variety of authentication methods with different degrees of authorization privileges.

Completing the AAA functionality, ACS serves as a central repository for accounting information. Each user session that ACS grants can be fully accounted for, and its accounting information can be stored in the server. You can use this accounting information for billing, capacity planning, and security audits.

Note: If the fields mentioned in this section do not appear in the ACS web interface, you can enable them by choosing Interface Configuration > Advanced Options. Then, check the Distributed System Settings check box.

Default Distributed System Settings

You use the AAA Servers table and the Proxy Distribution Table to establish distributed system settings. The parameters configured in these tables are the foundation for configuring multiple ACSs to work with one another. Each table contains an entry for the local ACS. In the AAA Servers table, the only AAA server initially listed is the local ACS itself (in ACS SE, the server name is listed as self). The Proxy Distribution Table initially lists one entry, (Default), which displays how the local ACS is configured to handle each authentication request locally.

You can configure additional AAA servers in the AAA Servers table. These devices then become visible in the web interface, so that they can be configured for other distributed features such as proxy, ACS internal database replication, remote logging, and RDBMS synchronization. For information about configuring additional AAA servers, see Adding AAA Servers, page 3-16.

Proxy in Distributed Systems

Proxy is a powerful feature that enables you to use ACS for authentication in a network that uses more than one AAA server. This section contains the following topics:

The Proxy Feature, page 3-3

Fallback on Failed Connection, page 3-4

Remote Use of Accounting Packets, page 3-5

Other Features Enabled by System Distribution, page 3-6

The Proxy Feature

Using proxy, ACS automatically forwards an authentication request from AAA clients to AAA servers. After the request has been successfully authenticated, the authorization privileges that you configured for the user on the remote AAA server are passed back to the original ACS, where the AAA client applies the user profile information for that session.

Proxy provides a useful service to users, such as business travelers, who dial in to a network device other than the one they normally use and would otherwise be authenticated by a foreign AAA server. To configure proxy, you choose Interface Configuration > Advanced Options. Then, check the Distributed System Settings check box.

User Guide for Cisco Secure Access Control Server

 
