Cisco Secure ACS Manuals
Manuals and User Guides for Cisco Secure ACS. We have 2 Cisco Secure ACS manuals available for free PDF download: User Manual
Cisco Secure ACS User Manual (860 pages)
for Windows Server Version 3.3
Brand: Cisco | Category: Software | Size: 6.95 MB
Table of Contents
4
Product Documentation
32
Related Documentation
33
Obtaining Documentation
35
Documentation Feedback
36
Obtaining Technical Assistance
37
Obtaining Additional Publications and Information
39
Aaa Server Functions and Concepts
45
AAA Protocols-TACACS+ and RADIUS
46
Radius
47
Tacacs
47
Authentication
48
Authentication and User Databases
49
Authentication Considerations
49
Authentication Protocol-Database Compatibility
50
Passwords
51
Other Authentication-Related Features
56
Authorization
57
Dynamic Usage Quotas
58
Max Sessions
58
Shared Profile Components
58
Support for Cisco Device-Management Applications
59
Other Authorization-Related Features
61
Accounting
62
Other Accounting-Related Features
62
Administration
63
HTTP Port Allocation for Administrative Sessions
63
Network Device Groups
64
Other Administration-Related Features
64
Cisco Secure ACS HTML Interface
65
Posture Validation
65
About the Cisco Secure ACS HTML Interface
66
HTML Interface Security
66
HTML Interface Layout
67
Uniform Resource Locator for the HTML Interface
69
Administrative Sessions and HTTP Proxy
70
Network Environments and Administrative Sessions
70
Administrative Sessions through a NAT Gateway
71
Administrative Sessions through Firewalls
71
Accessing the HTML Interface
72
Logging off the HTML Interface
73
Online Help and Online Documentation
73
Using Online Help
74
Using the Online Documentation
74
Chapter 2 Deployment Considerations
78
Basic Deployment Requirements for Cisco Secure ACS
78
System Requirements
78
Hardware Requirements
78
Operating System Requirements
78
Third-Party Software Requirements
79
Network and Port Requirements
80
Basic Deployment Factors for Cisco Secure ACS
82
Network Topology
82
Dial-Up Topology
82
Wireless Network
85
Remote Access Using VPN
88
Remote Access Policy
90
Security Policy
91
Administrative Access Policy
91
Separation of Administrative and General Users
93
Database
94
Number of Users
94
Type of Database
94
Network Latency and Reliability
95
Suggested Deployment Sequence
95
Interface Configuration
99
Chapter 3 Interface Configuration
100
Interface Design Concepts
100
User-To-Group Relationship
100
Per-User or Per-Group Features
100
User Data Configuration Options
101
Defining New User Data Fields
101
Advanced Options
102
Setting Advanced Options for the Cisco Secure ACS User Interface
104
Protocol Configuration Options for TACACS
105
Setting Options for TACACS
107
Protocol Configuration Options for RADIUS
109
Setting Protocol Configuration Options for IETF RADIUS Attributes
114
Setting Protocol Configuration Options for Non-IETF RADIUS Attributes
115
Network Configuration
117
About Network Configuration
117
Chapter 4 Network Configuration
118
About Distributed Systems
118
AAA Servers in Distributed Systems
119
Default Distributed System Settings
119
Proxy in Distributed Systems
120
Fallback on Failed Connection
121
Character String
122
Stripping
122
Proxy in an Enterprise
122
Remote Use of Accounting Packets
123
Other Features Enabled by System Distribution
124
Network Device Searches
124
Network Device Search Criteria
124
Searching for Network Devices
125
AAA Client Configuration
127
AAA Client Configuration Options
127
Adding a AAA Client
132
Editing a AAA Client
135
Deleting a AAA Client
137
AAA Server Configuration
137
AAA Server Configuration Options
138
Adding a AAA Server
140
Editing a AAA Server
142
Deleting a AAA Server
144
Network Device Group Configuration
144
Adding a Network Device Group
145
Assigning an Unassigned AAA Client or AAA Server to an NDG
146
Reassigning a AAA Client or AAA Server to an NDG
147
Renaming a Network Device Group
148
Deleting a Network Device Group
148
Proxy Distribution Table Configuration
150
About the Proxy Distribution Table
150
Adding a New Proxy Distribution Table Entry
151
Sorting the Character String Match Order of Distribution Entries
152
Editing a Proxy Distribution Table Entry
153
Deleting a Proxy Distribution Table Entry
154
Shared Profile Components
155
About Shared Profile Components
155
Network Access Filters
156
About Network Access Filters
156
Chapter 5 Shared Profile Component
157
Adding a Network Access Filter
157
Editing a Network Access Filter
159
Deleting a Network Access Filter
161
Downloadable IP Acls
161
About Downloadable IP Acls
162
Adding a Downloadable IP ACL
164
Editing a Downloadable IP ACL
167
Deleting a Downloadable IP ACL
168
Network Access Restrictions
168
About Network Access Restrictions
169
About IP-Based NAR Filters
171
About Non-IP-Based NAR Filters
172
Adding a Shared Network Access Restriction
173
Editing a Shared Network Access Restriction
177
Deleting a Shared Network Access Restriction
178
Command Authorization Sets
179
About Command Authorization Sets
180
Command Authorization Sets Description
180
Command Authorization Sets Assignment
182
Case Sensitivity and Command Authorization
183
Arguments and Command Authorization
183
About Pattern Matching
184
Adding a Command Authorization Set
185
Editing a Command Authorization Set
187
Deleting a Command Authorization Set
189
User Group Management
191
About User Group Setup Features and Functions
192
Default Group
192
Group TACACS+ Settings
192
Chapter 6 User Group Management
193
Basic User Group Settings
193
Group Disablement
194
Enabling Voip Support for a User Group
194
Setting Default Time-Of-Day Access for a User Group
195
Setting Callback Options for a User Group
197
Setting Network Access Restrictions for a User Group
198
Setting Max Sessions for a User Group
202
Setting Usage Quotas for a User Group
204
Configuration-Specific User Group Settings
206
Setting Token Card Settings for a User Group
208
Setting Enable Privilege Options for a User Group
209
Enabling Password Aging for the Ciscosecure User Database
211
Enabling Password Aging for Users in Windows Databases
216
Setting IP Address Assignment Method for a User Group
218
Assigning a Downloadable IP ACL to a Group
220
Configuring TACACS+ Settings for a User Group
221
Configuring a Shell Command Authorization Set for a User Group
223
Configuring a PIX Command Authorization Set for a User Group
225
Configuring Device-Management Command Authorization for a User Group
227
Configuring IETF RADIUS Settings for a User Group
228
Configuring Cisco IOS/PIX RADIUS Settings for a User Group
230
Configuring Cisco Aironet RADIUS Settings for a User Group
231
Configuring Ascend RADIUS Settings for a User Group
233
Configuring Cisco VPN 3000 Concentrator RADIUS Settings for a User Group
234
Configuring Cisco VPN 5000 Concentrator RADIUS Settings for a User Group
236
Configuring Microsoft RADIUS Settings for a User Group
237
Configuring Nortel RADIUS Settings for a User Group
239
Configuring Juniper RADIUS Settings for a User Group
240
Configuring BBSM RADIUS Settings for a User Group
241
Configuring Custom RADIUS VSA Settings for a User Group
243
Group Setting Management
244
Listing Users in a User Group
244
Resetting Usage Quota Counters for a User Group
245
Renaming a User Group
245
Saving Changes to User Group Settings
246
User Management
247
About User Setup Features and Functions
247
Chapter 7 User Management
248
About User Databases
248
Basic User Setup Options
249
Adding a Basic User Account
250
Setting Supplementary User Information
252
Setting a Separate CHAP/MS-CHAP/ARAP Password
253
Assigning a User to a Group
254
Setting User Callback Option
255
Assigning a User to a Client IP Address
256
Setting Network Access Restrictions for a User
257
Setting Max Sessions Options for a User
262
Setting User Usage Quotas Options
264
Setting Options for User Account Disablement
266
Assigning a Downloadable IP ACL to a User
267
Advanced User Authentication Settings
268
TACACS+ Settings (User)
269
Configuring TACACS+ Settings for a User
270
Configuring a Shell Command Authorization Set for a User
272
Configuring a PIX Command Authorization Set for a User
275
User
276
Configuring the Unknown Service Setting for a User
278
Advanced TACACS+ Settings (User)
279
Setting Enable Privilege Options for a User
279
Setting TACACS+ Enable Password Options for a User
281
Setting TACACS+ Outbound Password for a User
283
RADIUS Attributes
283
Setting Cisco IOS/PIX RADIUS Parameters for a User
284
Setting Cisco Aironet RADIUS Parameters for a User
284
Setting Ascend RADIUS Parameters for a User
289
Setting Cisco VPN 3000 Concentrator RADIUS Parameters for a User
290
Setting Cisco VPN 5000 Concentrator RADIUS Parameters for a User
292
Setting Microsoft RADIUS Parameters for a User
293
Setting Nortel RADIUS Parameters for a User
295
Setting Juniper RADIUS Parameters for a User
297
Setting BBSM RADIUS Parameters for a User
298
Setting Custom RADIUS Attributes for a User
299
User Management
300
Listing All Users
301
Finding a User
301
Disabling a User Account
302
Deleting a User Account
303
Resetting User Session Quota Counters
304
Resetting a User Account after Login Failure
305
Saving User Settings
306
System Configuration: Basic
307
Service Control
307
Determining the Status of Cisco Secure ACS Services
308
Stopping, Starting, or Restarting Services
308
Chapter 8 System Configuration: Basic
309
Logging
309
Date Format Control
309
Setting the Date Format
309
Local Password Management
311
Configuring Local Password Management
313
Cisco Secure ACS Backup
315
About Cisco Secure ACS Backup
315
Backup File Locations
315
Directory Management
316
Components Backed up
316
Reports of Cisco Secure ACS Backups
316
Backup Options
317
Performing a Manual Cisco Secure ACS Backup
317
Scheduling Cisco Secure ACS Backups
318
Disabling Scheduled Cisco Secure ACS Backups
319
Cisco Secure ACS System Restore
320
About Cisco Secure ACS System Restore
320
Backup Filenames and Locations
320
Components Restored
321
Reports of Cisco Secure ACS Restorations
322
Restoring Cisco Secure ACS from a Backup File
322
Cisco Secure ACS Active Service Management
323
System Monitoring
323
System Monitoring Options
324
Setting up System Monitoring
325
Event Logging
326
Setting up Event Logging
326
Voip Accounting Configuration
327
Configuring Voip Accounting
327
Ciscosecure Database Replication
329
Chapter 9 System Configuration: Advanced
330
About Ciscosecure Database Replication
330
Replication Process
332
Replication Frequency
335
Important Implementation Considerations
335
Database Replication Versus Database Backup
338
Database Replication Logging
338
Replication Options
339
Replication Components Options
339
Outbound Replication Options
340
Inbound Replication Options
343
Implementing Primary and Secondary Replication Setups on Cisco Secure Acses
343
Configuring a Secondary Cisco Secure ACS
345
Replicating Immediately
347
Scheduling Replication
349
Disabling Ciscosecure Database Replication
352
RDBMS Synchronization
353
Database Replication Event Errors
353
About RDBMS Synchronization
354
Users
355
User Groups
355
Network Configuration
356
Custom RADIUS Vendors and Vsas
356
RDBMS Synchronization Components
357
About Csdbsync
357
About the Accountactions Table
359
Cisco Secure ACS Database Recovery Using the Accountactions Table
360
Reports and Event (Error) Handling
361
Preparing to Use RDBMS Synchronization
361
Considerations for Using CSV-Based Synchronization
363
Preparing for CSV-Based Synchronization
364
Configuring a System Data Source Name for RDBMS Synchronization
365
RDBMS Synchronization Options
366
RDBMS Setup Options
366
Synchronization Scheduling Options
367
Synchronization Partners Options
367
Performing RDBMS Synchronization Immediately
368
Scheduling RDBMS Synchronization
369
Disabling Scheduled RDBMS Synchronizations
371
IP Pools Server
372
About IP Pools Server
372
Allowing Overlapping IP Pools or Forcing Unique Pool Address Ranges
373
Refreshing the AAA Server IP Pools Table
375
Adding a New IP Pool
375
Editing an IP Pool Definition
376
Resetting an IP Pool
377
Deleting an IP Pool
378
IP Pools Address Recovery
379
Enabling IP Pool Address Recovery
379
About Certification and EAP Protocols
381
Chapter 10 System Configuration: Authentication and Certificates
382
Digital Certificates
382
EAP-TLS Authentication
382
About the EAP-TLS Protocol
383
EAP-TLS and Cisco Secure ACS
384
EAP-TLS Limitations
386
Enabling EAP-TLS Authentication
387
PEAP Authentication
388
About the PEAP Protocol
388
PEAP and Cisco Secure ACS
389
PEAP and the Unknown User Policy
391
Enabling PEAP Authentication
392
EAP-FAST Authentication
393
About EAP-FAST
393
About Master Keys
395
About Pacs
397
Master Key and PAC Ttls
401
Replication and EAP-FAST
402
Enabling EAP-FAST
405
Global Authentication Setup
406
Authentication Configuration Options
407
Configuring Authentication Options
413
Cisco Secure ACS Certificate Setup
414
Installing a Cisco Secure ACS Server Certificate
415
Adding a Certificate Authority Certificate
417
Editing the Certificate Trust List
418
Managing Certificate Revocation Lists
420
About Certificate Revocation Lists
420
Certificate Revocation List Configuration Options
420
Adding a Certificate Revocation List Issuer
420
Editing a Certificate Revocation List Issuer
420
Deleting a Certificate Revocation List Issuer
420
Generating a Certificate Signing Request
425
Using Self-Signed Certificates
427
About Self-Signed Certificates
427
Self-Signed Certificate Configuration Options
428
Generating a Self-Signed Certificate
429
Updating or Replacing a Cisco Secure ACS Certificate
430
Logs and Reports
434
Chapter 11 Log and Report
434
Logging Formats
434
Special Logging Attributes
434
NAC Attributes in Logs
436
Update Packets in Accounting Logs
437
About Cisco Secure ACS Logs and Reports
438
Accounting Logs
438
Dynamic Administration Reports
441
Viewing the Logged-In Users Report
442
Deleting Logged-In Users
443
Viewing the Disabled Accounts Report
444
Cisco Secure ACS System Logs
445
Configuring the Administration Audit Log
446
Working with CSV Logs
447
CSV Log File Names
447
CSV Log File Locations
448
Enabling or Disabling a CSV Log
449
Viewing a CSV Report
450
Configuring a CSV Log
451
Working with ODBC Logs
453
Preparing for ODBC Logging
454
Configuring a System Data Source Name for ODBC Logging
454
Configuring an ODBC Log
455
Remote Logging
458
About Remote Logging
458
Implementing Centralized Remote Logging
459
Remote Logging Options
460
Enabling and Configuring Remote Logging
461
Disabling Remote Logging
463
Service Logs
463
Services Logged
464
Configuring Service Logs
465
Administrator Accounts
467
Chapter 12 Administrators and Administrative Policy
468
About Administrator Accounts
468
Administrator Privileges
469
Adding an Administrator Account
472
Editing an Administrator Account
473
Edit Cisco Acs Administrator Account Privileges
474
Unlocking a Locked out Administrator Account
476
Deleting an Administrator Account
477
Access Policy
477
Access Policy Options
478
Setting up Access Policy
480
Session Policy
482
Session Policy Options
482
Setting up Session Policy
483
Audit Policy
484
Chapter 13 User Database
486
Ciscosecure User Database
486
About the Ciscosecure User Database
486
User Import and Creation
487
About External User Databases
488
Authenticating with External User Databases
489
External User Database Authentication Process
490
Windows User Database
491
What's Supported with Windows User Databases
492
Authentication with Windows User Databases
493
Trust Relationships
493
Windows Dial-Up Networking Clients
494
Windows Dial-Up Networking Clients with a Domain Field
494
Windows Dial-Up Networking Clients Without a Domain Field
495
Usernames and Windows Authentication
495
Username Formats and Windows Authentication
495
Non-Domain-Qualified Usernames
497
Domain-Qualified Usernames
498
UPN Usernames
498
EAP and Windows Authentication
499
EAP-TLS Domain Stripping
500
Machine Authentication
500
Machine Access Restrictions
503
Microsoft Windows and Machine Authentication
504
Enabling Machine Authentication
506
User-Changeable Passwords with Windows User Databases
509
Preparing Users for Authenticating with Windows
510
Windows User Database Configuration Options
510
Configuring a Windows External User Database
514
Generic LDAP
516
Cisco Secure ACS Authentication Process with a Generic LDAP User Database
517
Multiple LDAP Instances
517
LDAP Organizational Units and Groups
518
Domain Filtering
518
LDAP Failover
520
Successful Previous Authentication with the Primary LDAP Server
520
Unsuccessful Previous Authentication with the Primary LDAP Server
521
LDAP Configuration Options
521
Configuring a Generic LDAP External User Database
527
Novell NDS Database
533
About Novell NDS User Databases
534
User Contexts
535
Novell NDS External User Database Options
536
Configuring a Novell NDS External User Database
537
ODBC Database
539
What Is Supported with ODBC User Databases
541
Cisco Secure ACS Authentication Process with an ODBC External User Database
542
Preparing to Authenticate Users with an ODBC-Compliant Relational Database
543
Implementation of Stored Procedures for ODBC Authentication
544
Type Definitions
545
Microsoft SQL Server and Case-Sensitive Passwords
545
Sample Routine for Generating a PAP Authentication SQL Procedure
546
Sample Routine for Generating an SQL CHAP Authentication Procedure
547
Sample Routine for Generating an EAP-TLS Authentication Procedure
548
PAP Authentication Procedure Input
548
PAP Procedure Output
549
CHAP/MS-CHAP/ARAP Authentication Procedure Input
550
CHAP/MS-CHAP/ARAP Procedure Output
550
EAP-TLS Authentication Procedure Input
551
EAP-TLS Procedure Output
552
Result Codes
553
Configuring a System Data Source Name for an ODBC External User Database
554
Configuring an ODBC External User Database
555
LEAP Proxy RADIUS Server Database
559
Configuring a LEAP Proxy RADIUS Server External User Database
560
Token Server User Databases
562
About Token Servers and Cisco Secure ACS
562
Token Servers and ISDN
563
RADIUS-Enabled Token Servers
563
About RADIUS-Enabled Token Servers
563
Token Server RADIUS Authentication Request and Response
563
Contents
563
Configuring a RADIUS Token Server External User Database
563
RSA Securid Token Servers
568
Configuring an RSA Securid Token Server External User Database
569
Deleting an External User Database Configuration
570
About Network Admission Control
573
NAC AAA Components
574
Posture Validation
575
Cisco Secure ACS User Manual (686 pages)
User Guide
Brand: Cisco | Category: Software | Size: 5.92 MB
Table of Contents
4
Related Documentation
29
Obtaining Documentation
30
Ordering Documentation
30
World Wide Web
30
Documentation Feedback
31
Obtaining Technical Assistance
31
Technical Assistance Center
32
AAA Protocols-TACACS+ and RADIUS
40
Tacacs
40
Radius
40
Authentication
41
Authentication Considerations
42
Authentication and User Databases
42
Authentication Protocol-Database Compatibility
43
Passwords
44
Other Authentication-Related Features
49
Authorization
49
Max Sessions
50
Dynamic Usage Quotas
51
Shared Profile Components
51
Support for Cisco Device-Management Applications
52
Other Authorization-Related Features
53
Accounting
54
Other Accounting-Related Features
54
Administration
55
HTTP Port Allocation for Remote Administrative Sessions
55
Network Device Groups
56
Other Administration-Related Features
56
Cisco Secure ACS HTML Interface
57
About the Cisco Secure ACS HTML Interface
57
HTML Interface Security
58
HTML Interface Layout
59
Uniform Resource Locator for the HTML Interface
60
Network Environments and Remote Administrative Sessions
61
Remote Administrative Sessions and HTTP Proxy
61
Remote Administrative Sessions through a NAT Gateway
62
Remote Administrative Sessions through Firewalls
62
Accessing the HTML Interface
63
Logging off the HTML Interface
63
Online Help and Online Documentation
64
Using Online Help
64
Using the Online Documentation
65
Chapter 2 Deploying Cisco Secure ACS
67
Basic Deployment Requirements for Cisco Secure ACS
68
System Requirements
68
Hardware Requirements
68
Operating System Requirements
68
Third-Party Software Requirements
69
Network Requirements
70
Basic Deployment Factors for Cisco Secure ACS
71
Network Topology
71
Dial-Up Topology
71
Wireless Network
74
Remote Access Using VPN
77
Remote Access Policy
79
Security Policy
80
Administrative Access Policy
80
Separation of Administrative and General Users
82
Database
83
Number of Users
83
Type of Database
83
Network Latency and Reliability
84
Suggested Deployment Sequence
84
Chapter 3 Setting up the Cisco Secure ACS HTML Interface
87
Interface Design Concepts
88
User-To-Group Relationship
88
Per-User or Per-Group Features
88
User Data Configuration Options
89
Defining New User Data Fields
89
Advanced Options
90
Setting Advanced Options for the Cisco Secure ACS User Interface
92
Protocol Configuration Options for TACACS
93
Setting Options for TACACS
95
Protocol Configuration Options for RADIUS
96
Setting Protocol Configuration Options for IETF RADIUS Attributes
101
Setting Protocol Configuration Options for Non-IETF RADIUS Attributes
102
CHAPTER 4 Setting up and Managing Network Configuration
106
About Network Configuration
106
About Distributed Systems
107
AAA Servers in Distributed Systems
107
Default Distributed System Settings
108
Proxy in Distributed Systems
108
Fallback on Failed Connection
110
Character String
110
Stripping
110
Proxy in an Enterprise
111
Remote Use of Accounting Packets
111
Other Features Enabled by System Distribution
112
Network Device Searches
112
Network Device Search Criteria
113
Searching for Network Devices
114
AAA Client Configuration
115
AAA Client Configuration Options
115
Adding a AAA Client
119
Editing a AAA Client
122
Deleting a AAA Client
123
AAA Server Configuration
124
AAA Server Configuration Options
125
Adding a AAA Server
127
Editing a AAA Server
129
Deleting a AAA Server
131
Network Device Group Configuration
131
Adding a Network Device Group
132
Assigning an Unassigned AAA Client or AAA Server to an NDG
133
Reassigning a AAA Client or AAA Server to an NDG
134
Renaming a Network Device Group
135
Deleting a Network Device Group
135
Proxy Distribution Table Configuration
136
About the Proxy Distribution Table
136
Adding a New Proxy Distribution Table Entry
137
Editing a Proxy Distribution Table Entry
139
Sorting the Character String Match Order of Distribution Entries
139
Deleting a Proxy Distribution Table Entry
140
Chapter 5 Setting up and Managing Shared Profile Components
141
About Shared Profile Components
141
Downloadable PIX Acls
142
About Downloadable PIX Acls
142
Downloadable PIX ACL Configuration
144
Adding a Downloadable PIX ACL
144
Deleting a Downloadable PIX ACL
145
Editing a Downloadable PIX ACL
145
Network Access Restrictions
146
About Network Access Restrictions
146
Shared Network Access Restrictions Configuration
148
Adding a Shared Network Access Restriction
149
Deleting a Shared Network Access Restriction
149
Editing a Shared Network Access Restriction
149
Command Authorization Sets
153
About Command Authorization Sets
154
About Pattern Matching
155
Command Authorization Sets Configuration
156
Adding a Command Authorization Set
156
Editing a Command Authorization Set
159
Deleting a Command Authorization Set
160
Chapter 6 Setting up and Managing User Groups
161
User Group Setup Features and Functions
162
Default Group
162
Group TACACS+ Settings
162
Common User Group Settings
163
Enabling Voip Support for a User Group
164
Setting Default Time-Of-Day Access for a User Group
165
Setting Callback Options for a User Group
166
Setting Network Access Restrictions for a User Group
167
Setting Max Sessions for a User Group
171
Setting Usage Quotas for a User Group
173
Configuration-Specific User Group Settings
175
Setting Token Card Settings for a User Group
176
Setting Enable Privilege Options for a User Group
178
Enabling Password Aging for the Ciscosecure User Database
180
Enabling Password Aging for Users in Windows Databases
185
Setting IP Address Assignment Method for a User Group
187
Assigning a Downloadable PIX ACL to a Group
188
Configuring TACACS+ Settings for a User Group
189
Configuring a Shell Command Authorization Set for a User Group
191
Configuring a PIX Command Authorization Set for a User Group
193
Configuring Device-Management Command Authorization for a User Group
195
Configuring IETF RADIUS Settings for a User Group
197
Configuring Cisco IOS/PIX RADIUS Settings for a User Group
198
Configuring Cisco Aironet RADIUS Settings for a User Group
199
Configuring Ascend RADIUS Settings for a User Group
201
Configuring Cisco VPN 3000 Concentrator RADIUS Settings for a User Group
202
Configuring Cisco VPN 5000 Concentrator RADIUS Settings for a User Group
203
Configuring Microsoft RADIUS Settings for a User Group
205
Configuring Nortel RADIUS Settings for a User Group
206
Configuring Juniper RADIUS Settings for a User Group
208
Configuring BBSM RADIUS Settings for a User Group
209
Configuring Custom RADIUS VSA Settings for a User Group
210
Group Setting Management
211
Listing Users in a User Group
212
Resetting Usage Quota Counters for a User Group
212
Renaming a User Group
213
Saving Changes to User Group Settings
213
Chapter 7 Setting up and Managing User Accounts
215
User Setup Features and Functions
216
About User Databases
216
Basic User Setup Options
218
Adding a Basic User Account
219
Setting Supplementary User Information
221
Setting a Separate CHAP/MS-CHAP/ARAP Password
222
Assigning a User to a Group
223
Setting User Callback Option
224
Assigning a User to a Client IP Address
225
Setting Network Access Restrictions for a User
226
Setting Max Sessions Options for a User
230
Setting User Usage Quotas Options
232
Setting Options for User Account Disablement
234
Assigning a PIX ACL to a User
235
Advanced User Authentication Settings
236
TACACS+ Settings (User)
236
Configuring TACACS+ Settings for a User
237
Configuring a Shell Command Authorization Set for a User
239
Configuring a PIX Command Authorization Set for a User
242
Configuring Device Management Command Authorization for a User
244
Configuring the Unknown Service Setting for a User
246
Advanced TACACS+ Settings (User)
247
Setting Enable Privilege Options for a User
247
Setting TACACS+ Enable Password Options for a User
249
Setting TACACS+ Outbound Password for a User
250
RADIUS Attributes
251
Setting IETF RADIUS Parameters for a User
252
Setting Cisco IOS/PIX RADIUS Parameters for a User
253
Setting Cisco Aironet RADIUS Parameters for a User
254
Setting Ascend RADIUS Parameters for a User
256
User
257
User
259
Setting Microsoft RADIUS Parameters for a User
260
Setting Nortel RADIUS Parameters for a User
262
Setting Juniper RADIUS Parameters for a User
263
Setting BBSM RADIUS Parameters for a User
265
Setting Custom RADIUS Attributes for a User
266
User Management
267
Listing All Users
268
Finding a User
268
Disabling a User Account
269
Deleting a User Account
270
Resetting User Session Quota Counters
271
Resetting a User Account after Login Failure
272
Saving User Settings
273
Chapter 8 Establishing Cisco Secure ACS System Configuration
276
Service Control
276
Determining the Status of Cisco Secure ACS Services
276
Stopping, Starting, or Restarting Services
276
Logging
277
Date Format Control
277
Setting the Date Format
278
Local Password Management
279
Configuring Local Password Management
281
Ciscosecure Database Replication
283
About Ciscosecure Database Replication
283
Replication Process
286
Replication Frequency
288
Important Implementation Considerations
289
Database Replication Versus Database Backup
290
Database Replication Logging
291
Replication Options
291
Replication Components Options
291
Outbound Replication Options
292
Inbound Replication Options
294
Cisco Secure Acses
294
Configuring a Secondary Cisco Secure ACS
295
Replicating Immediately
298
Scheduling Replication
300
Disabling Ciscosecure Database Replication
303
Database Replication Event Errors
303
APPENDIX E Ciscosecure ACS and Virtual Private Dial-Up Networks
303
RDBMS Synchronization
303
About RDBMS Synchronization
304
Users
305
User Groups
306
Network Configuration
306
Custom RADIUS Vendors and Vsas
307
RDBMS Synchronization Components
307
About Csdbsync
307
About the Accountactions Table
308
Cisco Secure ACS Database Recovery Using the Accountactions Table
310
Reports and Event (Error) Handling
311
Preparing to Use RDBMS Synchronization
311
Considerations for Using CSV-Based Synchronization
312
Preparing for CSV-Based Synchronization
313
Configuring a System Data Source Name for RDBMS Synchronization
314
RDBMS Synchronization Options
315
RDBMS Setup Options
315
Synchronization Scheduling Options
316
Synchronization Partners Options
316
Performing RDBMS Synchronization Immediately
317
Scheduling RDBMS Synchronization
318
Disabling Scheduled RDBMS Synchronizations
320
Cisco Secure ACS Backup
321
About Cisco Secure ACS Backup
321
Backup File Locations
322
Directory Management
322
Components Backed up
322
Reports of Cisco Secure ACS Backups
323
Backup Options
323
Performing a Manual Cisco Secure ACS Backup
324
Scheduling Cisco Secure ACS Backups
324
Disabling Scheduled Cisco Secure ACS Backups
325
Cisco Secure ACS System Restore
326
About Cisco Secure ACS System Restore
326
Backup File Names and Locations
327
Components Restored
328
Reports of Cisco Secure ACS Restorations
328
Restoring Cisco Secure ACS from a Backup File
328
Cisco Secure ACS Active Service Management
329
System Monitoring
330
System Monitoring Options
330
Setting up System Monitoring
331
Event Logging
332
Setting up Event Logging
332
IP Pools Server
333
About IP Pools Server
334
Allowing Overlapping IP Pools or Forcing Unique Pool Address Ranges
335
Refreshing the AAA Server IP Pools Table
336
Adding a New IP Pool
337
Editing an IP Pool Definition
338
Resetting an IP Pool
339
Deleting an IP Pool
340
IP Pools Address Recovery
341
Enabling IP Pool Address Recovery
341
Voip Accounting Configuration
342
Configuring Voip Accounting
342
Cisco Secure ACS Certificate Setup
343
Background on Protocols and Certification
343
Digital Certificates
343
About the EAP-TLS Protocol
344
About the PEAP Protocol
346
Installing a Cisco Secure ACS Server Certificate
348
Adding a Certificate Authority Certificate
350
Editing the Certificate Trust List
351
Generating a Certificate Signing Request
352
Updating or Replacing a Cisco Secure ACS Certificate
354
Global Authentication Setup
355
Configuring Authentication Options
355
Logging Formats
359
Special Logging Attributes
360
Chapter 9 Working with Logging and Report
361
Update Packets in Accounting Logs
362
About Cisco Secure ACS Logs and Reports
362
Accounting Logs
363
Dynamic Administration Reports
365
Viewing the Logged-In Users Report
366
Deleting Logged-In Users
367
Viewing the Disabled Accounts Report
368
Cisco Secure ACS System Logs
369
Configuring the Administration Audit Log
370
Working with CSV Logs
371
CSV Log File Names
371
CSV Log File Locations
371
Enabling or Disabling a CSV Log
372
Viewing a CSV Report
373
Configuring a CSV Log
374
Working with ODBC Logs
377
Preparing for ODBC Logging
377
Configuring a System Data Source Name for ODBC Logging
378
Configuring an ODBC Log
378
Remote Logging
381
About Remote Logging
381
Implementing Centralized Remote Logging
382
Remote Logging Options
383
Enabling and Configuring Remote Logging
384
Disabling Remote Logging
386
Service Logs
386
Services Logged
387
Configuring Service Logs
388
CHAPTER 10 Setting up and Managing Administrators and Policy
391
Administrator Accounts
391
About Administrator Accounts
392
Chapter 10 Setting up and Managing Administrators and Policy
392
Administrator Privileges
393
Adding an Administrator Account
396
Editing an Administrator Account
398
Unlocking a Locked out Administrator Account
400
Deleting an Administrator Account
401
Access Policy
401
Access Policy Options
402
Setting up Access Policy
404
Session Policy
406
Session Policy Options
406
Setting up Session Policy
407
Audit Policy
408
Ciscosecure User Database
410
About the Ciscosecure User Database
410
Chapter 11 Working with User Database
411
User Import and Creation
411
About External User Databases
412
Authenticating with External User Databases
413
External User Database Authentication Process
414
Windows NT/2000 User Database
415
What's Supported with Windows NT/2000 User Databases
416
Databases
417
Trust Relationships
417
Windows Dial-Up Networking Clients
418
Windows Dial-Up Networking Clients with a Domain Field
418
Windows Authentication
419
Windows Dial-Up Networking Clients Without a Domain Field
419
User-Changeable Passwords with Windows NT/2000 User Databases
421
Preparing Users for Authenticating with Windows NT/2000
422
Configuring a Windows NT/2000 External User Database
422
Generic LDAP
424
Multiple LDAP Instances
425
Database
425
LDAP Organizational Units and Groups
426
Domain Filtering
426
LDAP Failover
428
Successful Previous Authentication with the Primary LDAP Server
429
Unsuccessful Previous Authentication with the Primary LDAP Server
429
LDAP Configuration Options
430
Configuring a Generic LDAP External User Database
436
Novell NDS Database
441
About Novell NDS User Databases
442
User Contexts
443
Novell NDS External User Database Options
444
Configuring a Novell NDS External User Database
445
ODBC Database
447
What Is Supported with ODBC User Databases
448
Database
449
Database
450
Implementation of Stored Procedures for ODBC Authentication
451
Type Definitions
452
Microsoft SQL Server and Case-Sensitive Passwords
452
Sample Routine for Generating a PAP Authentication SQL Procedure
453
Procedure
454
PAP Authentication Procedure Input
454
PAP Procedure Output
455
CHAP/MS-CHAP/ARAP Authentication Procedure Input
456
CHAP/MS-CHAP/ARAP Procedure Output
456
Result Codes
457
Database
458
Configuring an ODBC External User Database
459
LEAP Proxy RADIUS Server Database
462
Configuring a LEAP Proxy RADIUS Server External User Database
463
Token Server User Databases
465
About Token Servers and Cisco Secure ACS
465
Token Servers and ISDN
466
RADIUS-Enabled Token Servers
467
About RADIUS-Enabled Token Servers
467
Configuring a RADIUS Token Server External User Database
468
Token Server RADIUS Authentication Request and Response Contents
468
RSA Securid Token Servers
472
Configuring an RSA Securid Token Server External User Database
473
Deleting an External User Database Configuration
474