Chapter 4 Network Configuration
AAA Client Configuration
4-12
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
recommend that you adopt a descriptive, consistent naming convention for
AAA client hostnames. Maximum length for a AAA client hostname is 32
characters.
Note After you submit the AAA client hostname, you cannot change it. If
you want to use a different name for a AAA client, delete the AAA
client configuration and create a AAA client configuration using the
new name.
•AAA Client IP Address—At a minimum, a single IP address of a AAA client
or the keyword “dynamic”.
If you only use the keyword “dynamic”, with no IP addresses, the AAA client
configuration can only be used for command authorization for Cisco
multi-device management applications, such as Management Center for
Firewalls. Cisco Secure ACS only provides AAA services to devices based on
IP address, so it ignores such requests from a device whose AAA client
configuration only has the keyword “dynamic” in the Client IP Address box.
If you want a AAA client configuration in Cisco Secure ACS to represent
multiple network devices, you can specify multiple IP addresses. Separate
each IP address by pressing Enter.
In each IP address you specify, you have three options for each octet in the
address, as follows:
–
Number—You can specify a number, for example, 10.3.157.98.
–
Numeric Range—You can specify the low and high numbers of the
range in the octet, separated by a hyphen, for example, 10.3.157.10-50.
–
Wildcard—You can use an asterisk (*) to match all numbers in that
octet, for example, 10.3.157.*.
Cisco Secure ACS allows any octet or octets in the IP Address box to be a
number, a numeric range, or an asterisk, for example 172.16-31.*.*.
•Key—The shared secret of the AAA client. Maximum length for a AAA
client key is 32 characters.