Cisco Systems OL-9971-01 About ACS in Distributed Systems

3-2

User Guide for Cisco Secure Access Control Server

OL-9971-01

Chapter3 Network Configuration

About ACS in Distributed Systems

•Remote Agents (ACS Solution Engine)—This table lists each remote agent that is configured

together with its IP address and available services. For more information about remote agents, see

About Remote Agents, page 3-19.

Note The Remote Agents table does not appear unless you have enabled the Distributed System

Settings feature in Interface Configuration.If you are using NDGs, this table does not appear on

the initial page, butis accessed through the Network Device Groups table. For more information

about this interface configuration, see Displaying Advanced Options, page 2-5.

•Network Device Groups—Thistable lists the name of each NDG that has been configured, and the

number of AAA clients and AAA servers that are assigned to each NDG. If you are using NDGs,

the AAA Clients table and AAA Serverstable do not appear on the opening page. To configure AAA

clients or AAA servers, you must click the name of the NDG to which the device is assigned. If the

newly configured device is not assigned to an NDG, it belongs to the (Not Assigned) group.

This table appears only when you haveconfigured the interface to use NDGs. For more information

about this interface configuration, see Displaying Advanced Options, page 2-5.

•Proxy Distribution Table—You can use the Proxy Distribution Table to configure proxy

capabilities including domain stripping. For more information, see ConfiguringProxy Distribution

Tables, page 3-27.

This table appears only when you have configured the interface to enable Distributed Systems

Settings. For more information about this interface configuration, seeDisplaying Advanced

Options, page 2-5.

About ACS in Distributed Systems

These topics describe how ACS can be used in a distributed system.

•AAA Servers in Distributed Systems, page 3-2

•Default Distributed System Settings, page 3-3

AAA server is the generic term for an access-control server (ACS), and the two terms are often used

interchangeably.Multiple AAA servers can be configured to communicate with one another as primary,

backup, client, or peer systems. You can, therefore, use powerful features such as:

•Proxy

•Fallback on failed connection

•ACS internal database replication

•Remote and centralized logging

You can configure AAAservers to determine who can access the network and what services are

authorized for each user. The AAA server stores a profile containing authentication and authorization

information for each user. Authentication information validates user identity, and authorization

information determines what network services a user can to use. A single AAA server can provide

concurrentAAA services to many dial-up access servers, routers, and firewalls. Each network device can

be configured to communicate with a AAA server.You can, therefore, centrally control dial-up access,

and secure network devices from unauthorized access.