Cisco Systems OL-12180-01 manual 12-13

Chapter 12 Configuring AAA Servers and User Accounts

Identifying AAA Server Groups and Servers

If AAA accounting is in effect, the accounting information goes only to the active server, unless you have configured simultaneous accounting.

For an overview of AAA services, see the “AAA Overview” section on page 12-1 .

Fields

The fields in the AAA Server Groups pane are grouped into two main areas: the AAA Server Groups area and the Servers In The Selected Group area. The AAA Server Groups area lets you configure AAA server groups and the protocols the security appliance uses to communicate with the servers listed in each group.

Note Double-clicking any of the rows in the AAA Server Groups table opens the Edit AAA Server Group dialog box, in which you can modify the AAA Server Group parameters. These changes are immediately reflected in the table, but you must click Apply to save them to the configuration.

Clicking a column head sorts the table rows in alphanumeric order according to the contents of that column.

•Server Group— Display only. Shows the symbolic name of the selected server group.

•Protocol— Display only. Lists the AAA protocol that servers in the group support.

•Accounting Mode— Display only. Shows either simultaneous or single mode accounting. In single mode, the security appliance sends accounting data to only one server. In simultaneous mode, the security appliance sends accounting data to all servers in the group.

•Reactivation Mode— Display only. Shows the method by which failed servers are reactivated: Depletion or Timed reactivation mode. In Depletion mode, failed servers are reactivated only after all of the servers in the group are inactive. In Timed mode, failed servers are reactivated after 30 seconds of down time.

•Dead Time— Display only. Shows the number of minutes that will elapse between the disabling of the last server in the group and the subsequent reenabling of all servers. This parameter applies only in depletion mode.

•Max Failed Attempts— Display only. Shows the number of failed connection attempts allowed before declaring a nonresponsive server inactive.

•Add—Displays the Add AAA Server Group dialog box.

•Edit—Displays the Edit AAA Server Group dialog box, or, if you have selected LOCAL as the server group, displays the Edit AAA Local Server Group dialog box.

•Delete—Removes the currently selected server group entry from the server group table. There is no confirmation or undo.

The Servers In Selected Group area, the second area of the AAA Server Groups pane, lets you add and configure AAA servers for existing AAA server groups. The servers can be RADIUS, TACACS+, NT, SDI, Kerberos, LDAP, or HTTP-form servers.

•Server Name or IP Address— Display only. Shows the name or IP address of the AAA server.

•Interface— Display only. Shows the network interface where the authentication server resides.

•Timeout— Display only. Shows the timeout interval, in seconds. This is the time after which the security appliance gives up on the request to the primary AAA server. If there is a standby AAA server, the security appliance sends the request to the backup server.

•Add/Edit—Displays the Add/Edit AAA Server dialog box.