Appendix A AAA Protocols

Overview of RADIUS

This section contains the following topics:

RADIUS VSAs, page A-6

ACS 5.3 as the AAA Server, page A-7

RADIUS Attribute Support in ACS 5.3, page A-8

RADIUS Access Requests, page A-9

RADIUS is a client/server protocol through which remote access servers communicate with a central server to authenticate dial-in users, and authorize their access to the requested system or service. A company could use RADIUS to maintain user profiles in a central database that all remote servers can share.

Centralizing authentication this way improves security, and the company can define its access policy once, at a single administered network point, rather than on each remote server.

To support the older and newer RFCs, ACS 5.3 accepts authentication requests on port 1645 and port 1812. For accounting, ACS accepts accounting packets on ports 1646 and 1813.

RADIUS VSAs

ACS 5.3 provides a set of standard IETF RADIUS attributes. You can identify RADIUS IETF attributes that are currently unused by their names. These unused attributes are named in the following format: attribute-nnn, where attribute is the name of the attribute and nnn is the ID of the attribute.

In addition, ACS 5.3 supports RADIUS VSAs. The following set of predefined RADIUS VSAs is available after you install ACS 5.3:

Cisco

Cisco VPN 5000

Microsoft

US Robotics

Ascend

Nortel (Bay Networks)

RedCreek

Juniper

Cisco VPN 3000

Cisco Business Service Management (BSM)

Cisco Aironet

Cisco Airespace

You can modify these predefined RADIUS VSAs or define new RADIUS VSAs. You can create, edit, and duplicate RADIUS VSAs. For more information, see Creating, Duplicating, and Editing RADIUS Vendor-Specific Attributes, page 18-6.
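A parser for the attribute layout this section describes, added here as an example; it is not code from the guide or from ACS. The IETF type numbers and the Vendor-Specific (type 26) layout follow RFC 2865, Cisco's enterprise number 9 and the cisco-avpair vendor type come from the common RADIUS dictionaries, and the sample packet and dictionary tables are constructed. IETF types not in the table are reported as attribute-nnn, the naming the section gives for unused attributes, and every length field is checked before use so a malformed packet is rejected instead of misparsed.

```python
import struct
# Small IETF dictionary (RFC 2865). Anything not listed is reported as
# attribute-nnn, mirroring the guide's naming for unused IETF attributes.
IETF_ATTRS = {1: "User-Name", 4: "NAS-IP-Address", 26: "Vendor-Specific"}
VENDORS = {9: ("Cisco", {1: "cisco-avpair"})}  # Cisco enterprise number 9
HEADER_LEN = 20  # code(1) identifier(1) length(2) authenticator(16)

def parse_vsa(value):
    """Vendor-Specific value: vendor-id(4) vendor-type(1) vendor-length(1) data."""
    if len(value) < 6 or value[5] < 2 or 4 + value[5] > len(value):
        raise ValueError("malformed VSA")
    vendor_id = struct.unpack("!I", value[:4])[0]
    vname, vtable = VENDORS.get(vendor_id, (f"vendor-{vendor_id}", {}))
    return (vname, vtable.get(value[4], f"vsa-{value[4]}"), value[6:4 + value[5]])

def parse_attributes(packet):
    """Walk the attribute list, checking every length before trusting it."""
    if len(packet) < HEADER_LEN or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("header length does not match datagram")
    code, ident, pos, attrs = packet[0], packet[1], HEADER_LEN, []
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError(f"bad attribute length at offset {pos}")
        atype, alen = packet[pos], packet[pos + 1]
        value, name = packet[pos + 2:pos + alen], IETF_ATTRS.get(atype, f"attribute-{atype}")
        if atype == 26:
            attrs.append(parse_vsa(value))
        elif atype == 4 and len(value) == 4:
            attrs.append((name, ".".join(str(b) for b in value)))
        elif atype == 1:
            attrs.append((name, value.decode("utf-8", "replace")))
        else:
            attrs.append((name, value))  # unknown types are kept as raw bytes
        pos += alen
    return code, ident, attrs

def attr(atype, value):
    return bytes([atype, 2 + len(value)]) + value

def vsa(vendor_id, vtype, data):
    return attr(26, struct.pack("!I", vendor_id) + bytes([vtype, 2 + len(data)]) + data)

def build_packet(code, ident, attrs):
    body = b"".join(attrs)
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(body)) + bytes(16) + body

# Constructed sample: Access-Request (code 1) with a zeroed authenticator
# (a real request carries 16 random bytes) and a Cisco cisco-avpair VSA.
SAMPLE = build_packet(1, 0x2A, [attr(1, b"alice"), attr(4, bytes([192, 0, 2, 1])),
                                vsa(9, 1, b"shell:priv-lvl=15"), attr(17, b"\x01")])
```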

User Guide for Cisco Secure Access Control System 5.3


A-6

OL-24201-01
