Filter
Top Products
Chapter 1 Overview
AAA Server Functions and Concepts
1-8
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
• RFC 2868
• RFC 2869
The ports used for authentication and accounting have changed in RADIUS RFC
documents. To support both the older and newer RFCs, Cisco Secure ACS accepts
authentication requests on port 1645 and port 1812. For accounting, Cisco Secure
ACS accepts accounting packets on port 1646 and 1813.
In addition to support for standard IETF RADIUS attributes, Cisco Secure ACS
includes support for RADIUS vendor-specific attributes (VSAs). We have
predefined the following RADIUS VSAs in Cisco Secure ACS:
• Cisco IOS/PIX
• Cisco VPN 3000
• Cisco VPN 5000
• Ascend
• Juniper
• Microsoft
• Nortel
Cisco Secure ACS also supports up to 10 RADIUS VSAs that you define. After
you define a new RADIUS VSA, you can use it as you would one of the RADIUS
VSAs that come predefined in Cisco Secure ACS. In the Network Configuration
section of the Cisco Secure ACS HTML interface, you can configure a AAA
client to use a user-defined RADIUS VSA as its AAA protocol. In Interface
Configuration, you can enable user-level and group-level attributes for
user-defined RADIUS VSAs. In User Setup and Group Setup, you can configure
the values for enabled attributes of a user-defined RADIUS VSA.
For more information about creating user-defined RADIUS VSAs, see Custom
RADIUS Vendors and VSAs, page 9-28.
Authentication
Authentication determines user identity and verifies the information. Traditional
authentication uses a name and a fixed password. More modern and secure
methods use technologies such as CHAP and one-time passwords (OTPs).
Cisco Secure ACS supports a variety of these authentication methods.