3-15
User Guide for Cisco Secure Access Control Server
OL-9971-01
Chapter 3 Network Configuration Configuring AAA Servers
Deleting AAA Servers, page 3-18
AAA Server Configuration Options
AAA server configurations enable ACS to interact with the AAA server that the configuration represents.
AAA servers that do not have a corresponding configuration in ACS, or whose configuration in ACS is
incorrect, do not receive AAA services from ACS, such as proxied authentication requests, database
replication communication, remote logging, and RDBMS synchronization. Also, several distributed
systems features require that the other ACSs included in the distributed system be represented in the
AAA Servers table. For more information about distributed systems features, see About ACS in
Distributed Systems, page 3-2.
After installation, the AAA Servers table automatically lists the machine on which ACS is installed. This
machine is also defined as the default proxy server in the Proxy Distribution table, and appears by default
in the RDBMS table.
Note In ACS SE, the name of the machine in the AAA Servers table is listed as self; in the Proxy Distribution
and RDBMS tables the appliance hostname is listed.
The Add AAA Server and AAA Server Setup pages include the following options:
AAA Server Name—The name that you assign to the AAA server configuration. The AAA server
hostname that is configured in ACS does not have to match the hostname configured on a network
device. We recommend that you adopt a descriptive, consistent naming convention for AAA server
names. Maximum length for AAA server names is 32 characters.
Note After you submit the AAA server name, you cannot change it. If you want to use a different
name for the AAA server, delete the AAA server configuration and create the AAA server
configuration by using the new name.
AAA Server IP Address—The IP address of the AAA server, in dotted, four-octet format. For
example, 10.77.234.3.
Key—The shared secret of the AAA server. Maximum length for AAA server keys is 32 characters.
For correct operation, the key must be identical on the remote AAA server and ACS. Keys are case
sensitive. Because shared secrets are not synchronized, it is easy to make mistakes when
entering them on remote AAA servers and ACS. If the shared secret does not match, ACS discards
all packets from the remote AAA server.
Network Device Group—The name of the NDG to which this AAA server should belong. To make
the AAA server independent of NDGs, use the Not Assigned selection.
Note This option does not appear if you have not configured ACS to use NDGs. To enable NDGs,
choose Interface Configuration > Advanced Options. Then, check the Network Device
Groups check box.
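The following pre-submission check is an added example, not part of the Cisco guide or of ACS. It validates a planned AAA server entry against the limits listed above and reports why two copies of a shared secret differ without echoing either one. The function names, the rejection of empty values, the whitespace diagnosis and the sample values are assumptions made for illustration.

```python
import hmac
import ipaddress

MAX_LEN = 32  # from the guide: maximum length for AAA server names and keys


def check_entry(name, ip, key):
    """Return a list of problems with one planned AAA Servers table entry."""
    problems = []
    # Empty values are rejected here as an assumption; the guide only states the maximum.
    if not name or len(name) > MAX_LEN:
        problems.append("name must be non-empty and at most 32 characters")
    try:
        ipaddress.IPv4Address(ip)  # accepts only dotted, four-octet IPv4
    except ValueError:
        problems.append("IP address is not in dotted, four-octet format")
    if not key or len(key) > MAX_LEN:
        problems.append("key must be non-empty and at most 32 characters")
    return problems


def same(a, b):
    """Constant-time comparison of two secrets."""
    return hmac.compare_digest(a.encode(), b.encode())


def diagnose_keys(acs_key, remote_key):
    """Classify a shared-secret mismatch; never returns or logs the secrets."""
    if same(acs_key, remote_key):
        return "match"
    if same(acs_key.strip(), remote_key.strip()):
        return "differs only by leading/trailing whitespace"
    if same(acs_key.lower(), remote_key.lower()):
        return "differs only by letter case"  # keys are case sensitive
    if len(acs_key) != len(remote_key):
        return "different lengths"
    return "different content"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    print(check_entry("acs-hq-primary", "10.77.234.3", "S3cret-Key"))
    print(diagnose_keys("S3cret-Key", "s3cret-key"))
```

Run it against the values intended for both ACS and the remote AAA server before submitting either configuration, because a mismatch otherwise shows up only as discarded packets.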