1-17
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter1 Overview of Cisco Secure ACS AAA Server Functions and Concepts
Other Authorization-Related Features
In addition to the authorization-related features discussed in this section, the
following features are provided by Cisco Secure ACS:
•Group administration of users, with support for up to 500 groups (see the
“Setting Up and Managing User Groups” section on page 6-1)
•Ability to map a user from an external user database to a specific
Cisco Secure ACS group (see the “Database Group Mappings” section on
page 12-10)
•Ability to disable an account after a number of failed attempts, specified by
the administrator (see the “Setting Options for User Account Disablement”
section on page 7-21)
•Ability to disable an account on a specific date (see the “Setting Options for
User Account Disablement” section on page 7-21)
•Ability to restrict time-of-day and day-of-week access (see the “Setting
Default Time of Day Access for a User Group” section on page 6-5)
•Ability to restrict network access based on remote address caller line
identification (CLID) and dialed number identification service (DNIS) (see
the “Setting Network Access Restrictions for a User Group” section on
page 6-7)
•IP Pools for IP address assignment of end-user client hosts (see the “Setting
IP Address Assignment Method for a User Group” section on page6-26)
•Per-user and per-group TACACS+ or RADIUS attributes (see the “Advanced
Options” section on page 3-4)
•Support for Voice over IP (VoIP), including configurable logging of
accounting data (see the “Enabling VoIP Support for a User Group” section
on page 6-4)
AccountingAAA clients use the accounting functions provided by the RADIUS and
TACACS+ protocols to communicate relevant data for each user session to the
AAA server for recording. Cisco Secure ACS writes accounting records to a
comma-separated value (CSV) log file or ODBC database, depending upon your