Chapter 3 Network Configuration

About ACS in Distributed Systems

Remote Agents (ACS Solution Engine)—This table lists each remote agent that is configured together with its IP address and available services. For more information about remote agents, see About Remote Agents, page 3-19.

Note: The Remote Agents table does not appear unless you have enabled the Distributed System Settings feature in Interface Configuration. If you are using NDGs, this table does not appear on the initial page, but is accessed through the Network Device Groups table. For more information about this interface configuration, see Displaying Advanced Options, page 2-5.

Network Device Groups—This table lists the name of each NDG that has been configured, and the number of AAA clients and AAA servers that are assigned to each NDG. If you are using NDGs, the AAA Clients table and AAA Servers table do not appear on the opening page. To configure AAA clients or AAA servers, you must click the name of the NDG to which the device is assigned. If the newly configured device is not assigned to an NDG, it belongs to the (Not Assigned) group.

This table appears only when you have configured the interface to use NDGs. For more information about this interface configuration, see Displaying Advanced Options, page 2-5.

Proxy Distribution Table—You can use the Proxy Distribution Table to configure proxy capabilities including domain stripping. For more information, see Configuring Proxy Distribution Tables, page 3-27.

This table appears only when you have configured the interface to enable Distributed Systems Settings. For more information about this interface configuration, see Displaying Advanced Options, page 2-5.

About ACS in Distributed Systems

These topics describe how ACS can be used in a distributed system.

AAA Servers in Distributed Systems, page 3-2

Default Distributed System Settings, page 3-3

AAA Servers in Distributed Systems

AAA server is the generic term for an access-control server (ACS), and the two terms are often used interchangeably. Multiple AAA servers can be configured to communicate with one another as primary, backup, client, or peer systems. You can, therefore, use powerful features such as:

Proxy

Fallback on failed connection

ACS internal database replication

Remote and centralized logging

You can configure AAA servers to determine who can access the network and what services are authorized for each user. The AAA server stores a profile containing authentication and authorization information for each user. Authentication information validates user identity, and authorization information determines what network services a user can use. A single AAA server can provide concurrent AAA services to many dial-up access servers, routers, and firewalls. Each network device can be configured to communicate with a AAA server. You can, therefore, centrally control dial-up access, and secure network devices from unauthorized access.

User Guide for Cisco Secure Access Control Server

3-2

OL-9971-01

 

 
