Chapter 3 Network Configuration

Configuring AAA Clients

Step 6 If you want to download a file containing the search results in a comma-separated value format, click Download, and use your browser to save the file to a location and filename of your choice.

Step 7 If you want to search again by using different criteria, repeat Step 3 and Step 4.

Configuring AAA Clients

This guide uses the term “AAA client” comprehensively to signify the device through which or to which service access is attempted. This is the RADIUS or TACACS+ client device, and may comprise Network Access Servers (NASs), PIX Firewalls, routers, or any other RADIUS or TACACS+ hardware or software client.

This section contains the following topics:

AAA Client Configuration Options

Adding AAA Clients

Editing AAA Clients

Deleting AAA Clients

AAA Client Configuration Options

AAA client configurations enable ACS to interact with the network devices that the configuration represents. A network device that does not have a corresponding configuration in ACS, or whose configuration in ACS is incorrect, does not receive AAA services from ACS.

The Add AAA Client and AAA Client Setup pages include:

AAA Client Hostname—The name that you assign to the AAA client configuration. Each AAA client configuration can represent multiple network devices; thus, the AAA client hostname configured in ACS is not required to match the hostname configured on a network device. We recommend that you adopt a descriptive, consistent naming convention for AAA client hostnames. Maximum length for AAA client hostnames is 32 characters.

Note After you submit the AAA client hostname, you cannot change it. If you want to use a different name for AAA clients, delete the AAA client configuration and create a new AAA client configuration by using the new name.

AAA Client IP Address—At a minimum, a single IP address of the AAA client or the keyword dynamic.

If you use only the keyword dynamic, with no IP addresses, the AAA client configuration can be used only for command authorization for Cisco multi-device management applications, such as Management Center for Firewalls. ACS provides AAA services to devices based only on IP address, so it ignores such requests from a device whose AAA client configuration has only the keyword dynamic in the Client IP Address box.

If you want the AAA client configuration in ACS to represent multiple network devices, you can specify multiple IP addresses. Separate each IP address by pressing Enter.
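The hostname and IP address rules above can be checked before entries are typed into ACS. The following Python lint is an added example, not part of the Cisco guide or of ACS; the function name, the finding texts and the sample plan are constructed, and it assumes plain dotted-quad IPv4 entries, leaving anything else for manual review because it does not interpret the per-octet options.

```python
import ipaddress

MAX_HOSTNAME_LEN = 32  # maximum AAA client hostname length stated in this guide


def lint_aaa_client(hostname, ip_field):
    """Return findings for one planned AAA client entry (hypothetical helper).

    ip_field is the text meant for the AAA Client IP Address box,
    one entry per line, as separated by pressing Enter.
    """
    findings = []
    if not hostname:
        findings.append("hostname is empty")
    elif len(hostname) > MAX_HOSTNAME_LEN:
        findings.append(f"hostname has {len(hostname)} characters, maximum is {MAX_HOSTNAME_LEN}")

    entries = [line.strip() for line in ip_field.splitlines() if line.strip()]
    addresses = [e for e in entries if e != "dynamic"]
    if not entries:
        findings.append("needs at least one IP address or the keyword dynamic")
    elif not addresses:
        # Only the keyword is present: no IP-based AAA services for this entry.
        findings.append("dynamic only: command authorization use only, IP-based requests are ignored")

    seen = set()
    for entry in addresses:
        if entry in seen:
            findings.append(f"{entry}: duplicate entry")
        seen.add(entry)
        try:
            ipaddress.IPv4Address(entry)
        except ValueError:
            # May be a typo or may use a per-octet option; not decided here.
            findings.append(f"{entry}: not a plain IPv4 address, review by hand")
    return findings


if __name__ == "__main__":
    # Constructed sample plan: hostname -> contents of the IP address box.
    plan = {
        "branch-vpn-routers": "10.20.0.1\n10.20.0.2",
        "mgmt-center-firewalls": "dynamic",
        "datacenter-access-switches-building-7": "10.30.0.1\n10.30.0.1",
    }
    for name, ips in plan.items():
        for finding in lint_aaa_client(name, ips) or ["ok"]:
            print(f"{name}: {finding}")
```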

In each IP address that you specify, you have three options for each octet in the address:

User Guide for Cisco Secure Access Control Server

OL-9971-01