Chapter 4 Setting Up and Managing Network Configuration
AAA Client Configuration
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Note For correct operation, the identical key must be configured on the
AAA client and Cisco Secure ACS. Keys are case sensitive. Because
the shared secrets are not synchronized in any way, it is easy to make
mistakes when entering them on both devices. Such a mistake causes
the AAA server to discard all packets from the client, because it
must treat the client as a potential intruder and a threat to the
network’s security.
Step 6 If you are using NDGs, from the Network Device Group list, select the name of
the NDG to which this AAA client should belong, or select Not Assigned to set
this AAA client to be independent of NDGs.
Note To enable NDGs, click Interface Configuration, click Advanced
Options, and then select the Network Device Groups check box.
Step 7 From the Authenticate Using list, select the network security protocol used by the
AAA client. Select either one of the following options, or any other custom
RADIUS VSA that you have configured:
• TACACS+ (Cisco IOS)—Select this option to use TACACS+, which is the
standard choice when using Cisco Systems access servers, routers, and
firewalls.
• RADIUS (Cisco Aironet)—Select this option if the network device is a
Cisco Aironet device that supports authentication via Cisco Secure ACS,
such as an Access Point 340 or 350. When configured to use the RADIUS
(Cisco Aironet) authentication protocol, Cisco Secure ACS first attempts
to authenticate a user by using LEAP; if this fails, Cisco Secure ACS fails
over to EAP-TLS.
Note Aironet authentication is limited to users whose records reside in
either the CiscoSecure user database, a Windows NT/2000 user
database, or an ODBC user database.
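The shared-key note above can be seen at the packet level. The following is an added example, not code from this guide or from Cisco Secure ACS: it signs a RADIUS Access-Request with the Message-Authenticator attribute (RFC 2869) and verifies it the way a server holding its own copy of the key would. The key strings, the user name and the function names are constructed for illustration, and rejecting unsigned requests is a policy choice of this sketch.

```python
import hashlib
import hmac
import os
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869)


def build_access_request(secret: bytes, username: bytes, ident: int = 1) -> bytes:
    """AAA client side: build an Access-Request signed with the shared key."""
    attrs = bytes([1, 2 + len(username)]) + username   # User-Name attribute
    attrs += bytes([MSG_AUTH, 18]) + bytes(16)         # placeholder of 16 zero octets
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + os.urandom(16)
    packet = header + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac                          # fill in the real HMAC-MD5


def verify_access_request(secret: bytes, packet: bytes) -> bool:
    """AAA server side: recompute the HMAC with the locally configured key."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    packet = packet[:length]                           # ignore trailing padding
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return False                               # malformed attribute
        if atype == MSG_AUTH and alen == 18:
            received = packet[pos + 2:pos + 18]
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        pos += alen
    return False  # unsigned request: nothing proves the sender knows the key


def demo():
    """Same key on both sides verifies; a case-only difference does not."""
    request = build_access_request(b"S3cretKey", b"alice")  # constructed values
    return (verify_access_request(b"S3cretKey", request),
            verify_access_request(b"s3cretkey", request))


if __name__ == "__main__":
    print(demo())
```

A failed check gives the server no way to tell a mistyped key from a forged packet, so the only safe response is to drop the request.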