for network devices and other services. The various components that constitute the ACS and a brief description of their functions are discussed here.

The ACS architecture consists of seven services bundled within ACS. Figure 3-2shows the internal ACS components and their functions.

Function

Service

Administration

CSAdmin

Authentication

CSAuth

External DB

CSDBSync

sync

 

Logging

CSlog

TACACS

CSTacacs

communication

 

RADIUS

CSRadius

communication

 

Monitoring

CSMon

Figure 3-2 ACS architecture

Here are brief explanations for the ACS services:

CSAdmin Provides an HTML interface for administration of ACS

CSAuth Provides authentication services

CSDBSync Provides synchronization of the internal ACS user database with third-party external RDBMS applications

CSlog

Provides logging services both for accounting and system

 

activity

CSTacacs Provides communication between TACACS+ AAA clients and the CSAuth service

CSRadius Provides communication between RADIUS AAA clients and the CSAuth service

CSMon

Provides monitoring, recording, and notification of ACS

 

performance and includes automatic response to some

 

scenarios

42Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

Page 59 Page 61
Page 60
Image 60
IBM Tivoli and Cisco manual CSlog, CSMon
Page 59 Page 61
Top Page Image Contents