Chapter 8 Managing Users and Identity Stores

Managing External Identity Stores

Table 8-16 RADIUS Identity Server - General Tab (continued)

Option

Description

Server Connection

Enable Secondary Server

Check this check box to use a secondary RADIUS identity server as a backup server in case the primary RADIUS identity server fails.

If you enable the secondary server, you must configure the parameters for the secondary RADIUS identity server and must choose one of the following options:

Always Access Primary Server First—Select this option to ensure that ACS always accesses the primary RADIUS identity server first before the secondary server is accessed.

Failback To Primary Server After n Minutes—Select this option to set the number of minutes ACS can use the secondary server for authentication. After this time expires, ACS should again attempt to authenticate using the primary server. The default value is 5 minutes.

Primary Server

Server IP Address

IP address of the primary RADIUS identity server.

Shared Secret

Shared secret between ACS and the primary RADIUS identity server.

A shared secret is an expected string of text, which a user must provide before the network device authenticates a username and password. The connection is rejected until the user supplies the shared secret.

Authentication Port

Port number on which the RADIUS primary server listens. Valid options are from 1 to 65,535. The default value is 1812.

Server Timeout n Seconds

Number of seconds, n, that ACS waits for a response from the primary RADIUS identity server before it determines that the connection to the primary server has failed. Valid options are from 1 to 300. The default value is 5.

Connection Attempts

Specifies the number of times that ACS should attempt to reconnect before contacting the secondary RADIUS identity server or dropping the connection if no secondary server is configured. Valid options are from 1 to 10. The default value is 3.

Secondary Server

Server IP Address

IP address of the secondary RADIUS identity server.

Shared Secret

Shared secret between ACS and the secondary RADIUS identity server.

The shared secret must be identical to the shared secret that is configured on the RADIUS identity server.

A shared secret is an expected string of text, which a user must provide before the network device authenticates a username and password. The connection is rejected until the user supplies the shared secret.

Authentication Port

Port number on which the RADIUS secondary server listens. Valid options are from 1 to 65,535. The default value is 1812.
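The following Python sketch is an added example, not ACS code or anything taken from the Cisco guide. It models how Connection Attempts and the Failback To Primary Server After n Minutes option interact, so the effect of a setting on authentication availability can be checked before it is deployed. The class and function names are hypothetical, the IP addresses are constructed documentation addresses, and it assumes the secondary server has the same timeout and attempt fields as the primary and that ACS skips the primary while the failback timer is running.

```python
from dataclasses import dataclass

@dataclass
class RadiusServer:
    ip: str
    port: int = 1812      # Authentication Port default
    timeout_s: int = 5    # Server Timeout default; enforced by the caller's send()
    attempts: int = 3     # Connection Attempts default

    def __post_init__(self):
        # Valid ranges as listed in the table.
        for name, lo, hi in (("port", 1, 65535), ("timeout_s", 1, 300), ("attempts", 1, 10)):
            if not lo <= getattr(self, name) <= hi:
                raise ValueError(f"{name} must be between {lo} and {hi}")

class FailoverSelector:
    """Hypothetical model of the primary/secondary choice; not ACS code."""

    def __init__(self, primary, secondary=None, always_primary_first=True, failback_min=5):
        self.primary, self.secondary = primary, secondary
        self.always_primary_first = always_primary_first
        self.failback_s = failback_min * 60
        self.secondary_until = None  # end of the current failback window, in seconds

    def authenticate(self, send, now):
        """send(server) returns True on a reply, False on timeout. Returns the
        IP of the server that answered, or None if the request is dropped."""
        order = [self.primary] + ([self.secondary] if self.secondary else [])
        in_window = self.secondary_until is not None and now < self.secondary_until
        if in_window and not self.always_primary_first:
            order = [self.secondary]  # assumption: primary is skipped inside the window
        for server in order:
            for _ in range(server.attempts):
                if send(server):
                    return server.ip
            if server is self.primary and self.secondary and not self.always_primary_first:
                self.secondary_until = now + self.failback_s  # start failback timer
        return None

def demo():
    """Constructed scenario: primary 192.0.2.10 is down, secondary 192.0.2.11 is up."""
    calls = []
    def send(server):
        calls.append(server.ip)
        return server.ip != "192.0.2.10"
    sel = FailoverSelector(RadiusServer("192.0.2.10"), RadiusServer("192.0.2.11"),
                           always_primary_first=False, failback_min=5)
    results = [sel.authenticate(send, now=t) for t in (0, 299, 300)]
    return results, calls
```

With the defaults, a dead primary costs three timed-out attempts per request under Always Access Primary Server First, while the failback option pays that cost only once per failback window.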

 

 

 

 

User Guide for Cisco Secure Access Control System 5.3

OL-24201-01

 

 
