Cisco Systems OL-9971-01 manual Configuring AAA Clients, AAA Client Configuration Options

Page 8

Chapter 3 Network Configuration

Configuring AAA Clients

Step 6 If you want to download a file containing the search results in a comma-separated value format, click Download, and use your browser to save the file to a location and filename of your choice.

Step 7 If you want to search again by using different criteria, repeat Step 3 and Step 4.

Configuring AAA Clients

This guide uses the term “AAA client” comprehensively to signify the device through which or to which service access is attempted. This is the RADIUS or TACACS+ client device, and may comprise Network Access Servers (NASs), PIX Firewalls, routers, or any other RADIUS or TACACS+ hardware or software client.

This section contains the following topics:

AAA Client Configuration Options, page 3-8

Adding AAA Clients, page 3-11

Editing AAA Clients, page 3-12

Deleting AAA Clients, page 3-14

AAAClient Configuration Options

AAAclient configurations enable ACS to interact with the network devices that the configuration represents. A network device that does not have a corresponding configuration in ACS, or whose configuration in ACS is incorrect, does not receive AAA services from ACS.

The Add AAA Client and AAA Client Setup pages include:

AAA Client Hostname—The name that you assign to the AAA client configuration. Each AAA client configuration can represent multiple network devices; thus, the AAA client hostname configured in ACS is not required to match the hostname configured on a network device. We recommend that you adopt a descriptive, consistent naming convention for AAA client hostnames. Maximum length for AAA client hostnames is 32 characters.

Note After you submit the AAA client hostname, you cannot change it. If you want to use a different name for AAA clients, delete the AAA client configuration and create a new AAA client configuration by using the new name.

AAA Client IP Address—At a minimum, a single IP address of the AAA client or the keyword dynamic.

If you only use the keyword dynamic, with no IP addresses, the AAA client configuration can only be used for command authorization for Cisco multi device-management applications, such as Management Center for Firewalls. ACS only provides AAA services to devices based on IP address; so it ignores such requests from a device whose AAA client configuration only has the keyword dynamic in the Client IP Address box.

If you want the AAA client configuration in ACS to represent multiple network devices, you can specify multiple IP addresses. Separate each IP address by pressing Enter.

In each IP address that you specify, you have three options for each octet in the address:

User Guide for Cisco Secure Access Control Server

3-8

OL-9971-01

 

 

Page 7 Page 9
Image 8
Page 7 Page 9
Contents Network Configuration About Network ConfigurationAbout ACS in Distributed Systems AAA Servers in Distributed SystemsProxy in Distributed Systems Default Distributed System SettingsProxy Feature Fallback on Failed Connection An ExampleRemote Use of Accounting Packets Character StringNetwork Device Search Criteria Other Features Enabled by System DistributionNetwork Device Searches Searching for Network Devices Configuring AAA Clients AAA Client Configuration OptionsNetwork Configuration Configuring AAA Clients Network Configuration Configuring AAA Clients Adding AAA Clients Before You BeginEditing AAA Clients Configuring a Default AAA Client Follow the steps for Adding AAA Clients,Configuring AAA Servers Deleting AAA ClientsAAA Server Configuration Options Adding AAA Servers Editing AAA Servers Configuring Remote Agents ACS Solution Engine Only Deleting AAA ServersRemote Agent Configuration Options About Remote AgentsAdding a Remote Agent Editing a Remote Agent Configuration Deleting a Remote Agent Configuration Configuring Network Device Groups Adding a Network Device Group Assigning an Unassigned AAA Client or AAA Server to an NDG Reassigning AAA Clients or AAA Servers to an NDGEditing a Network Device Group NDG properties are changedConfiguring Proxy Distribution Tables Deleting a Network Device GroupAbout the Proxy Distribution Table Adding a New Proxy Distribution Table EntryNetwork Configuration Configuring Proxy Distribution Tables Editing a Proxy Distribution Table Entry Deleting a Proxy Distribution Table Entry
Top Page Image Contents