Cisco Systems OL-9971-01 Proxy in Distributed Systems

3-3

User Guide for Cisco Secure Access Control Server

OL-9971-01

Chapter3 Network Configuration Proxy in Distributed Systems

These types of access control have unique authentication and authorization requirements. With ACS,

system administrators can use a variety of authentication methods that are used with different degrees

of authorization privileges.

Completing the AAA functionality,ACS serves as a central repository for accounting information. Each

user session that ACS grants can be fully accounted for,and its accounting information can be stored in

the server. You can use this accounting information for billing, capacity planning, and security audits.

Note If the fields mentioned in this section do not appear in the ACS web interface, you can enable them by

choosingInterface Configuration > Advanced Options. Then, check the Distributed System Settings

check box.

Youuse the AAA Servers table and the Proxy Distribution Table to establish distributed system settings.

The parameters that are configured within these tables create the foundation so that you can configure

multipleACSs to work with one another. Each table contains an ACS entry for itself. In the AAA Servers

table, the only AAA server that is initially listed is itself (in ACS SE, the servername is listed as self);

the Proxy Distribution Table lists an initial entry of(Default), which displays how the local ACS is

configured to handle each authentication request locally.

You can configure additional AAAservers in the AAA Servers table. These devices can, therefore,

become visible in the web interface so that they can be configuredfor other distributed features such as

proxy, ACS internal database replication, remote logging, and RDBMS synchronization. For

information about configuring additional AAA servers, seeAdding AAA Servers, page 3-16.

Proxy in Distributed Systems

Proxy is a powerful feature that enables you to use ACSfor authentication in a network that uses more

than one AAA server. This section contains the following topics:

•The Proxy Feature, page 3-3

•Fallback on Failed Connection, page 3-4

•Remote Use of Accounting Packets, page 3-5

•Other Features Enabled by System Distribution, page 3-6

Using proxy,ACS automatically forwards an authentication request from AAA clients to AAA servers.

After the request has been successfully authenticated, the authorization privileges that you configured

forthe user on the remote AAA serverare passed back to the original ACS, where the AAA client applies

the user profile information for that session.

Proxy providesa useful service to users, such as business travelers, who dial in to a network device other

than the one they normally use and would otherwise be authenticated by a foreign AAA server. To

configure proxy, you chooseInterface Configuration > Advanced Options. Then, check the

Distributed System Settings check box.