Authentication - Cisco 2509 - Router - EN User Manual

Chapter 1 Overview of Cisco Secure ACS

Authentication

78-14696-01, Version 3.1
RFC 2866
•
RFC 2867
•
RFC 2868
•
The ports used for authentication and accounting have changed in RADIUS RFC
documents. To support both the older and newer RFCs, Cisco Secure ACS accepts
authentication requests on port 1645 and port 1812. For accounting,
Cisco Secure ACS accepts accounting packets on port 1646 and 1813.
In addition to support for standard IETF RADIUS attributes, Cisco Secure ACS
includes support for RADIUS vendor-specific attributes (VSAs). We have
predefined the following RADIUS VSAs in Cisco Secure ACS:
Cisco IOS/PIX
•
• Cisco VPN 3000
Cisco VPN 5000
•
Ascend
•
Juniper
•
Microsoft
•
• Nortel
Cisco Secure ACS also supports up to 10 RADIUS VSAs that you define. After
you define a new RADIUS VSA, you can use it as you would one of the RADIUS
VSAs that come predefined in Cisco Secure ACS. In the Network Configuration
section of the Cisco Secure ACS HTML interface, you can configure a AAA
client to use a user-defined RADIUS VSA as its AAA protocol. In Interface
Configuration, you can enable user-level and group-level attributes for
user-defined RADIUS VSAs. In User Setup and Group Setup, you can configure
the values for enabled attributes of a user-defined RADIUS VSA.
For more information about creating user-defined RADIUS VSAs, see
RADIUS Vendors and VSAs, page
Authentication determines user identity and verifies the information. Traditional
authentication uses a name and a fixed password. More modern and secure
methods use technologies such as CHAP and one-time passwords (OTPs).
Cisco Secure ACS supports a variety of these authentication methods.
8-33.
User Guide for Cisco Secure ACS for Windows Server
AAA Server Functions and Concepts
Custom
1-7