Chapter 3 Configuring the CSS as a Client of a RADIUS Server

Configuring a RADIUS Server for Use with the CSS

Configuring Authentication Settings

To configure the authentication settings on Cisco Secure ACS, go to the Network Configuration section of the Cisco Secure ACS HTML interface, the Add AAA Client page, and complete the following fields:

AAA Client Hostname - Enter a name you want assigned to the CSS.

AAA Client IP Address - Enter the IP address of the CSS Ethernet Management port or of a CSS circuit (depending on how the CSS is configured to communicate with the Cisco Secure ACS).

Key - Enter the shared secret that the CSS and Cisco Secure ACS use to authenticate transactions. For correct operation, you must specify the identical shared secret on both the Cisco Secure ACS and the CSS. The key is case-sensitive.

Authenticate Using - Select the RADIUS (IETF) network security protocol to use the standard IETF RADIUS attributes with the CSS.

Configuring Authorization Settings

To determine the privilege level of users accessing the CSS, you must configure the user accounts on the RADIUS server.

To configure the group authorization settings:

1.From the Group Setup section of the Cisco Secure ACS HTML interface, Group Setup Select page, select the group for which you want to configure RADIUS settings.

2.From the Group Settings section of the Cisco Secure ACS HTML interface, click the IETF RADIUS Attributes, [006] Service-Typecheckbox. Then select Administrative. Administrative is required to enable RADIUS authentication for privileged user (SuperUser) connection with the CSS.

 

 

Cisco Content Services Switch Security Configuration Guide

 

 

 

 

 

 

OL-5650-02

 

 

3-5

 

 

 

Page 75
Image 75
Cisco Systems OL-5650-02 manual Configuring Authentication Settings, Configuring Authorization Settings