Cisco ASDM User Guide
OL-16647-01
Chapter 14 Configuring AAA Servers and the Local Database
Configuring AAA Server Groups
If you want to use an external AAA server for authentication, authorization, or accounting, you must first create at least one AAA server group per AAA protocol and add one or more servers to each group. You identify AAA server groups by name. Each server group is specific to one type of server: Kerberos, LDAP, NT, RADIUS, SDI, or TACACS+.
The security appliance contacts the first server in the group. If that server is unavailable, the security appliance contacts the next server in the group, if configured. If all servers in the group are unavailable, the security appliance tries the local database if you configured it as a fallback method (management authentication and authorization only). If you do not have a fallback method, the security appliance continues to try the AAA servers.
This section includes the following procedures:
Adding a Server Group, page 14-9
Adding a Server to a Group, page 14-10
AAA Server Parameters, page 14-11
Adding a Server Group
To add a server group, perform the following steps:
Step 1 From the Configuration > Device Management > Users/AAA > AAA Server Groups > AAA Server Groups area, click Add. The Add AAA Server Group dialog box appears.
Step 2 In the Server Group field, add a name for the group.
Step 3 From the Protocol drop-down list, choose the server type:
RADIUS
TACACS+
SDI
NT Domain
Kerberos
LDAP
HTTP Form
Step 4 In the Accounting Mode field, click the radio button for the mode you want to use (Simultaneous or Single). In Single mode, the security appliance sends accounting data to only one server. In Simultaneous mode, the security appliance sends accounting data to all servers in the group.
Note This option is not available for the HTTP Form protocol.
Step 5 In the Reactivation Mode field, click the radio button for the mode you want to use (Depletion or Timed). In Depletion mode, failed servers are reactivated only after all of the servers in the group are inactive.
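As an added example that is not part of the ASDM guide, the following ASA command-line configuration expresses the same result as the steps above for a RADIUS group: two servers tried in order, Single accounting mode, Depletion reactivation, and the local database as the fallback method for management authentication that the section describes. The group name MGMT-RADIUS, the interface name inside, the addresses 192.0.2.10 and 192.0.2.11, the deadtime value and the placeholder shared secret are assumptions chosen for this example; lines beginning with ! are explanatory comments.

```cisco
! Added example (assumed names and addresses); not taken from the ASDM guide.
! Step 2 and Step 3: name the group and choose the protocol.
aaa-server MGMT-RADIUS protocol radius
 ! Step 4: Single mode sends accounting data to only one server.
 accounting-mode single
 ! Step 5: Depletion mode reactivates failed servers only after every
 ! server in the group is inactive; deadtime (minutes) is an assumed value.
 reactivation-mode depletion deadtime 10
! Servers are contacted in the order they are added: the first entry first,
! then the next one if the first is unavailable.
aaa-server MGMT-RADIUS (inside) host 192.0.2.10
 key REPLACE-WITH-SHARED-SECRET
aaa-server MGMT-RADIUS (inside) host 192.0.2.11
 key REPLACE-WITH-SHARED-SECRET
! Management authentication with the local database as the fallback method.
! The trailing LOCAL keyword is what makes the appliance consult the local
! database when every server in MGMT-RADIUS is unavailable; without it, the
! appliance keeps retrying the AAA servers and administrators cannot log in
! while the RADIUS servers are unreachable.
aaa authentication ssh console MGMT-RADIUS LOCAL
aaa authentication http console MGMT-RADIUS LOCAL
```

The fallback applies only to management authentication and authorization, as the section states, so before relying on it confirm that at least one local administrative account exists in the local database. The group and server state can be checked with show aaa-server MGMT-RADIUS, and reachability of an individual server with test aaa-server authentication MGMT-RADIUS host 192.0.2.10 username <user> password <password>, which exercises the server without changing the running configuration.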