Chapter 3 Network Configuration

Configuring AAA Servers

Deleting AAA Servers, page 3-18

AAA Server Configuration Options

AAA server configurations enable ACS to interact with the AAA server that the configuration represents. AAA servers that do not have a corresponding configuration in ACS, or whose configuration in ACS is incorrect, do not receive AAA services from ACS, such as proxied authentication requests, database replication communication, remote logging, and RDBMS synchronization. Also, several distributed systems features require that the other ACSs included in the distributed system be represented in the AAA Servers table. For more information about distributed systems features, see About ACS in Distributed Systems, page 3-2.

After installation, the AAA Servers table automatically lists the machine on which ACS is installed. This machine is also defined as the default proxy server in the Proxy Distribution table, and appears by default in the RDBMS table.

Note: In ACS SE, the name of the machine in the AAA Servers table is listed as self; in the Proxy Distribution and RDBMS tables the appliance hostname is listed.

The Add AAA Server and AAA Server Setup pages include the following options:

AAA Server Name—The name that you assign to the AAA server configuration. The AAA server hostname that is configured in ACS does not have to match the hostname configured on a network device. We recommend that you adopt a descriptive, consistent naming convention for AAA server names. Maximum length for AAA server names is 32 characters.

Note: After you submit the AAA server name, you cannot change it. If you want to use a different name for the AAA server, delete the AAA server configuration and create the AAA server configuration by using the new name.

AAA Server IP Address—The IP address of the AAA server, in dotted, four-octet format. For example, 10.77.234.3.

Key—The shared secret of the AAA server. Maximum length for AAA server keys is 32 characters.

For correct operation, the key must be identical on the remote AAA server and ACS. Keys are case sensitive. Because shared secrets are not synchronized, you could easily make mistakes when entering them on remote AAA servers and ACS. If the shared secret does not match, ACS discards all packets from the remote AAA server.

Network Device Group—The name of the NDG to which this AAA server should belong. To make the AAA server independent of NDGs, use the Not Assigned selection.

Note: This option does not appear if you have not configured ACS to use NDGs. To enable NDGs, choose Interface Configuration > Advanced Options. Then, check the Network Device Groups check box.
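A pre-flight check for the options above, as an added example that is not part of the Cisco guide or of ACS: it validates a planned entry against the 32-character limits and the dotted, four-octet address format, and classifies a key pair so that a case-only difference is reported as such without exposing either key. The inventory layout, function names and sample values are assumptions, as is rejecting empty names and keys.

```python
import hmac
import ipaddress

MAX_LEN = 32  # the page's limit for AAA server names and for keys


def check_entry(name, ip, key):
    """Return the problems found in one AAA server entry (empty list = OK)."""
    problems = []
    if not 0 < len(name) <= MAX_LEN:  # rejecting empty values is an assumption
        problems.append("name must be 1-32 characters")
    try:
        ipaddress.IPv4Address(ip)  # a string must be exactly four decimal octets
    except ValueError:
        problems.append("IP address must be dotted, four-octet format")
    if not 0 < len(key) <= MAX_LEN:
        problems.append("key must be 1-32 characters")
    return problems


def compare_keys(acs_key, remote_key):
    """Classify a key pair; the keys themselves are never returned or logged."""
    def same(a, b):
        return hmac.compare_digest(a.encode(), b.encode())
    if same(acs_key, remote_key):
        return "match"
    if same(acs_key.lower(), remote_key.lower()):
        return "case-mismatch"  # keys are case sensitive, so this still fails
    if same(acs_key.strip(), remote_key.strip()):
        return "whitespace-mismatch"
    return "mismatch"


def audit(acs_entries, remote_keys):
    """Map each ACS entry name to its findings (empty list = nothing to fix)."""
    report = {}
    for name, (ip, key) in acs_entries.items():
        verdict = compare_keys(key, remote_keys.get(name, ""))
        extra = [] if verdict == "match" else ["key " + verdict]
        report[name] = check_entry(name, ip, key) + extra
    return report


# Constructed sample data: name -> (IP, key) as entered in ACS, and name -> key
# as entered on the remote AAA server. All values are placeholders.
ACS = {"acs-branch-01": ("10.77.234.3", "Example-Key-1"),
       "acs-branch-02": ("10.77.234", "Example-Key-2")}
REMOTE = {"acs-branch-01": "example-key-1", "acs-branch-02": "Example-Key-2"}
```

Calling `audit(ACS, REMOTE)` returns one list of findings per entry, so a key typed with the wrong case is caught before it shows up as discarded packets.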

User Guide for Cisco Secure Access Control Server

 

OL-9971-01
