Chapter 12 Configuring AAA Servers and User Accounts

Identifying AAA Server Groups and Servers

Delete—Removes the selected AAA server from the list.

Move up—Moves the selected AAA server up in the AAA sequence.

Move down—Moves the selected AAA server back in the AAA sequence.

Test—Displays the Test AAA Server dialog box.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode: Routed, Transparent

Security Context: Single, Multiple (Context, System)

1. HTTP Form and Clientless SSL VPN are supported only in single routed mode.

Add/Edit AAA Server Group

The Add/Edit AAA Server Group dialog box lets you add or modify AAA server groups. The results appear in the AAA Server table.

Fields

Server Group—Display only. Shows the name of the selected server group.

Protocol drop-down list—Specifies the protocols supported by servers in the group. They include RADIUS, TACACS+, NT Domain, SDI, Kerberos, LDAP, and HTTP Form for single sign-on (users of Clientless SSL VPN only).

Note: The following fields are not available after selecting the HTTP Form protocol.

Accounting Mode—Specifies the accounting mode used with the server group.

Simultaneous—Configures the security appliance to send accounting data to all servers in the group.

Single—Configures the security appliance to send accounting data to only one server of the group.

Reactivation Mode—Specifies the method by which failed servers are reactivated.

Depletion—Configures the security appliance to reactivate failed servers only after all of the servers in the group are inactive.

Timed—Configures the security appliance to reactivate failed servers after 30 seconds of down time.

Dead Time—Specifies the number of minutes that will elapse between the disabling of the last server in the group and the subsequent reenabling of all servers. This field is not available for timed mode.

Max Failed Attempts—Specifies the number of failed connection attempts (1 through 5) allowed before declaring a nonresponsive server inactive.
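The following Python model, added here as an illustration and not taken from Cisco's code, shows how the Reactivation Mode, Dead Time, and Max Failed Attempts fields interact when the first server in the sequence stops responding. The class and function names, the 10-minute dead time, and the threshold of 3 failed attempts are assumed sample values.

```python
from dataclasses import dataclass
from typing import List, Optional

TIMED_REACTIVATION_S = 30  # Timed mode: 30 seconds of down time (value from the page)

@dataclass
class Server:
    name: str
    failures: int = 0
    down_since: Optional[float] = None  # None means the server is active

@dataclass
class ServerGroup:
    servers: List[Server]              # list order = AAA sequence
    mode: str = "depletion"            # "depletion" or "timed"
    dead_time_min: int = 10            # assumed sample value; depletion mode only
    max_failed_attempts: int = 3       # assumed sample value; the page allows 1 through 5
    all_down_at: Optional[float] = None

    def _reactivate(self, now: float) -> None:
        if self.mode == "timed":
            for s in self.servers:
                if s.down_since is not None and now - s.down_since >= TIMED_REACTIVATION_S:
                    s.down_since, s.failures = None, 0
        elif self.all_down_at is not None and now - self.all_down_at >= self.dead_time_min * 60:
            # Depletion: nothing comes back until the whole group has been down for the dead time.
            for s in self.servers:
                s.down_since, s.failures = None, 0
            self.all_down_at = None

    def pick(self, now: float) -> Optional[Server]:
        """Return the first active server in sequence order, or None if all are inactive."""
        self._reactivate(now)
        return next((s for s in self.servers if s.down_since is None), None)

    def report_failure(self, server: Server, now: float) -> None:
        server.failures += 1
        if server.failures >= self.max_failed_attempts:
            server.down_since = now
            if all(s.down_since is not None for s in self.servers):
                self.all_down_at = now

def demo(mode: str) -> List[str]:
    """Primary fails three times at t=0; report which server is used at t=1s, 31s, 600s."""
    primary, secondary = Server("primary"), Server("secondary")
    group = ServerGroup([primary, secondary], mode=mode)
    for _ in range(3):
        group.report_failure(primary, now=0)
    return [group.pick(t).name for t in (1, 31, 600)]
```

In this model, `demo("depletion")` keeps every request on the secondary server because the group is never fully depleted, while `demo("timed")` returns to the primary once 30 seconds have passed.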

 

ASDM User Guide

OL-12180-01