Chapter 3 Network Configuration

Configuring AAA Servers

Log Update/Watchdog Packets from this remote AAA Server—Enables logging of update or watchdog packets from AAA clients that are forwarded by the remote AAA server to this ACS. Watchdog packets are interim packets that are sent periodically during a session. They provide you with an approximate session length if the AAA client fails and, therefore, no stop packet is received to mark the end of the session.

AAA Server Type—One of the following types:

RADIUS—Select this option if the remote AAA server is configured by using any type of RADIUS protocol.

TACACS+—Select this option if the remote AAA server is configured by using the TACACS+ protocol.

ACS—Select this option if the remote AAA server is another ACS. This action enables you to configure features that are only available with other ACSs, such as ACS internal database replication and remote logging.

Traffic Type—The Traffic Type list defines the direction in which traffic to and from the remote AAA server is permitted to flow from this ACS. The list includes:

Inbound—The remote AAA server accepts requests that have been forwarded to it and does not forward the requests to another AAA server. Select this option if you do not want to permit any authentication requests to be forwarded from the remote AAA server.

Outbound—The remote AAA server sends out authentication requests but does not receive them. If a Proxy Distribution Table entry is configured to proxy authentication requests to the AAA server that is configured for Outbound, the authentication request is not sent.

Inbound/Outbound—The remote AAA server forwards and accepts authentication requests, allowing the selected server to handle authentication requests in any manner that is defined in the distribution tables.

AAA Server RADIUS Authentication Port—Specify the port on which the AAA server accepts authentication requests. The standard port is 1812, and another commonly used port is 1645. If you select TACACS+ in the AAA Server Type field, this RADIUS Authentication Port field is dimmed.

AAA Server RADIUS Accounting Port—Specify the port on which the AAA server accepts accounting information. The standard port is 1813, and another commonly used port is 1646. If you select TACACS+ in the AAA Server Type field, this RADIUS Accounting Port field is dimmed.
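The Log Update/Watchdog Packets option described above matters when accounting data is used to reconstruct sessions. The following is an added example, not taken from the Cisco guide or from ACS: it derives session length from accounting records, falling back to the last watchdog packet when no stop packet was received. The record layout, timestamps, and session IDs are constructed; the status names follow the RADIUS Acct-Status-Type values Start, Interim-Update, and Stop.

```python
from datetime import datetime

# Constructed sample records (NOT an ACS log format):
# (timestamp, Acct-Session-Id, Acct-Status-Type)
RECORDS = [
    ("2024-05-01 09:00:00", "s1", "Start"),
    ("2024-05-01 09:10:00", "s1", "Interim-Update"),
    ("2024-05-01 09:20:00", "s1", "Interim-Update"),
    ("2024-05-01 09:27:30", "s1", "Stop"),
    ("2024-05-01 10:00:00", "s2", "Start"),
    ("2024-05-01 10:10:00", "s2", "Interim-Update"),
    ("2024-05-01 10:20:00", "s2", "Interim-Update"),  # AAA client failed: no Stop
    ("2024-05-01 11:00:00", "s3", "Start"),           # no watchdog, no Stop
]

FMT = "%Y-%m-%d %H:%M:%S"


def session_lengths(records):
    """Return {session_id: (seconds, kind)}.

    kind is 'exact' when a Stop packet closed the session, 'approximate'
    when only watchdog (interim) packets were seen, and 'unknown' when
    there is nothing to measure from. An approximate value is a lower
    bound: the session ran at least until the last watchdog packet.
    """
    sessions = {}
    for ts, sid, status in sorted(records):  # timestamp strings sort chronologically
        t = datetime.strptime(ts, FMT)
        s = sessions.setdefault(sid, {"start": None, "last": None, "stop": None})
        if status == "Start":
            s["start"] = t
        elif status == "Interim-Update":
            s["last"] = t
        elif status == "Stop":
            s["stop"] = t

    result = {}
    for sid, s in sessions.items():
        end = s["stop"] or s["last"]
        if s["start"] is None or end is None:
            result[sid] = (None, "unknown")
        else:
            kind = "exact" if s["stop"] else "approximate"
            result[sid] = (int((end - s["start"]).total_seconds()), kind)
    return result


if __name__ == "__main__":
    for sid, (secs, kind) in session_lengths(RECORDS).items():
        print(sid, secs, kind)
```

Without watchdog logging enabled, session s2 would be indistinguishable from s3: a start record with no usable end time.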

Adding AAA Servers

Before You Begin

For descriptions of the options that are available while adding a remote AAA server configuration, see AAA Server Configuration Options, page 3-15.

For ACS to provide AAA services to a remote AAA server, you must ensure that gateway devices between the remote AAA server and ACS permit communication over the ports that support the applicable AAA protocol (RADIUS or TACACS+). For information about ports that AAA protocols use, see AAA Protocols—TACACS+ and RADIUS, page 1-3.

To add and configure AAA servers:

Step 1 In the navigation bar, click Network Configuration.

The Network Configuration page opens.

User Guide for Cisco Secure Access Control Server

3-16

OL-9971-01

 

 
