Chapter 3 Network Configuration
Proxy in Distributed Systems
These types of access control have unique authentication and authorization requirements. With ACS, system administrators can use a variety of authentication methods that are used with different degrees of authorization privileges.
Completing the AAA functionality, ACS serves as a central repository for accounting information. Each user session that ACS grants can be fully accounted for, and its accounting information can be stored in the server. You can use this accounting information for billing, capacity planning, and security audits.
Note: If the fields mentioned in this section do not appear in the ACS web interface, you can enable them by choosing Interface Configuration > Advanced Options. Then, check the Distributed System Settings check box.
Default Distributed System Settings
You use the AAA Servers table and the Proxy Distribution Table to establish distributed system settings. The parameters that are configured within these tables create the foundation so that you can configure multiple ACSs to work with one another. Each table contains an ACS entry for itself. In the AAA Servers table, the only AAA server that is initially listed is itself (in ACS SE, the server name is listed as self); the Proxy Distribution Table lists an initial entry of (Default), which displays how the local ACS is configured to handle each authentication request locally.
You can configure additional AAA servers in the AAA Servers table. These devices then become visible in the web interface so that they can be configured for other distributed features such as proxy, ACS internal database replication, remote logging, and RDBMS synchronization. For information about configuring additional AAA servers, see Adding AAA Servers.
Proxy in Distributed Systems
Proxy is a powerful feature that enables you to use ACS for authentication in a network that uses more than one AAA server. This section contains the following topics:
• The Proxy Feature
• Fallback on Failed Connection
• Remote Use of Accounting Packets
• Other Features Enabled by System Distribution
The Proxy Feature
Using proxy, ACS automatically forwards an authentication request from AAA clients to AAA servers. After the request has been successfully authenticated, the authorization privileges that you configured for the user on the remote AAA server are passed back to the original ACS, where the AAA client applies the user profile information for that session.
Proxy provides a useful service to users, such as business travelers, who dial in to a network device other than the one they normally use and would otherwise be authenticated by a foreign AAA server. To configure proxy, you choose Interface Configuration > Advanced Options. Then, check the Distributed System Settings check box.
User Guide for Cisco Secure Access Control Server