Cisco ASDM User Guide, OL-16647-01, page C-15
Appendix C Configuring an External Server for Authorization and Authentication
Configuring an External RADIUS Server
This section presents an overview of the RADIUS configuration procedure and defines the Cisco
RADIUS attributes. It includes the following topics:
Reviewing the RADIUS Configuration Procedure, page C-15
Security Appliance RADIUS Authorization Attributes, page C-15
Reviewing the RADIUS Configuration Procedure
This section describes the RADIUS configuration steps required to support authentication and authorization of the security appliance users. Follow these steps to set up the RADIUS server to interoperate with the security appliance.
Step 1 Load the security appliance attributes into the RADIUS server. The method you use to load the attributes depends on which type of RADIUS server you are using:
• If you are using Cisco ACS: the server already has these attributes integrated. You can skip this step.
• If you are using a FUNK RADIUS server: Cisco supplies a dictionary file that contains all the security appliance attributes. Obtain this dictionary file, cisco3k.dct, from Software Center on CCO or from the security appliance CD-ROM. Load the dictionary file on your server.
• For other vendors’ RADIUS servers (for example, Microsoft Internet Authentication Service): you must manually define each security appliance attribute. To define an attribute, use the attribute name or number, type, value, and vendor code (3076). For a list of security appliance RADIUS authorization attributes and values, see Table C-5.
Step 2 Set up the users or groups with the permissions and attributes to send during IPSec or SSL tunnel establishment.
Security Appliance RADIUS Authorization Attributes
Authorization refers to the process of enforcing permissions or attributes. A RADIUS server defined as
an authentication server enforces permissions or attributes if they are configured.
Table C-5 lists all the RADIUS attributes that the security appliance supports for user authorization.
Note RADIUS attribute names do not contain the cVPN3000 prefix. Cisco Secure ACS 4.x supports this new nomenclature, but attribute names in pre-4.0 ACS releases still include the cVPN3000 prefix. The appliances enforce the RADIUS attributes based on attribute numeric ID, not attribute name. LDAP attributes are enforced by their name, not by the ID.
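The manually defined attributes from Step 1 and the "enforced by numeric ID, not name" point in the note both come down to how a vendor-specific attribute is laid out on the wire. The following is an added example, not code from the Cisco guide: it encodes and decodes RADIUS Vendor-Specific Attributes (attribute type 26, as defined in RFC 2865) for vendor code 3076 and selects the attributes to enforce purely by (vendor ID, vendor-type number). The vendor-type number 250, the sample value and the User-Name value are constructed placeholders; real vendor-type numbers come from Table C-5.

```python
"""Encode and decode RADIUS Vendor-Specific Attributes (RFC 2865, section 5.26)
for vendor code 3076, and select attributes to enforce by numeric ID only."""
import struct

VENDOR_SPECIFIC = 26            # RADIUS attribute type for a VSA (RFC 2865)
CISCO_VPN3000_VENDOR_ID = 3076  # vendor code named in the guide

# Constructed placeholder: a real vendor-type number comes from Table C-5.
EXAMPLE_VENDOR_TYPE = 250


def encode_vsa(vendor_type, value, vendor_id=CISCO_VPN3000_VENDOR_ID):
    """Return one Vendor-Specific attribute carrying a single vendor sub-attribute.

    Wire layout: Type(1) Length(1) Vendor-Id(4) Vendor-Type(1) Vendor-Length(1) Value.
    The RADIUS Length field is one octet, so the value is limited to 247 octets here.
    """
    if not 0 <= vendor_type <= 255:
        raise ValueError("vendor-type must fit in one octet")
    if len(value) > 247:
        raise ValueError("value too long for a single VSA")
    sub = struct.pack("!BB", vendor_type, 2 + len(value)) + value
    body = struct.pack("!I", vendor_id) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def decode_attributes(blob):
    """Parse concatenated RADIUS attributes into (vendor_id, type, value) tuples.

    vendor_id is None for standard attributes and the 32-bit Vendor-Id for each
    sub-attribute inside a VSA. Malformed lengths raise ValueError instead of
    being skipped, so a truncated or crafted attribute list is rejected whole.
    """
    out = []
    i = 0
    while i < len(blob):
        if len(blob) - i < 2:
            raise ValueError("truncated attribute header at offset %d" % i)
        attr_type, length = blob[i], blob[i + 1]
        if length < 2 or i + length > len(blob):
            raise ValueError("bad attribute length %d at offset %d" % (length, i))
        val = blob[i + 2:i + length]
        if attr_type == VENDOR_SPECIFIC:
            if len(val) < 6:
                raise ValueError("VSA too short for Vendor-Id and one sub-attribute")
            vendor_id = struct.unpack("!I", val[:4])[0]
            j = 4
            while j < len(val):
                if len(val) - j < 2:
                    raise ValueError("truncated vendor sub-attribute")
                vtype, vlen = val[j], val[j + 1]
                if vlen < 2 or j + vlen > len(val):
                    raise ValueError("bad vendor-length %d" % vlen)
                out.append((vendor_id, vtype, val[j + 2:j + vlen]))
                j += vlen
        else:
            out.append((None, attr_type, val))
        i += length
    return out


def enforce_cisco_attributes(blob, known_vendor_types):
    """Return {vendor_type: value} for vendor 3076 sub-attributes whose numeric
    vendor-type is in known_vendor_types.

    Whatever name a server dictionary gives the attribute (with or without the
    cVPN3000 prefix) never reaches the wire, so the decision is keyed on the
    number alone; attributes from other vendors and standard attributes are ignored.
    """
    applied = {}
    for vendor_id, vtype, val in decode_attributes(blob):
        if vendor_id == CISCO_VPN3000_VENDOR_ID and vtype in known_vendor_types:
            applied[vtype] = val
    return applied


if __name__ == "__main__":
    # Constructed sample: a standard User-Name (type 1), a VSA from an unrelated
    # vendor ID, then the vendor 3076 attribute we care about.
    user_name = struct.pack("!BB", 1, 2 + 4) + b"bob1"
    other_vendor = encode_vsa(7, b"x", vendor_id=9)
    cisco = encode_vsa(EXAMPLE_VENDOR_TYPE, b"example-value")
    print(cisco.hex())
    print(enforce_cisco_attributes(user_name + other_vendor + cisco, {EXAMPLE_VENDOR_TYPE}))
```

The decoder checks every length field before slicing, which is the behaviour you want from anything that parses RADIUS from the network: a bad Vendor-Length must fail the whole attribute list, not be skipped over.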