Cisco Systems OL-9971-01 Network Card User Manual


 
User Guide for Cisco Secure Access Control Server
OL-9971-01
Chapter 3 Network Configuration
Configuring AAA Servers
Deleting AAA Servers, page 3-18
AAA Server Configuration Options
AAA server configurations enable ACS to interact with the AAA server that the configuration represents.
AAA servers that do not have a corresponding configuration in ACS, or whose configuration in ACS is
incorrect, do not receive AAA services from ACS, such as proxied authentication requests, database
replication communication, remote logging, and RDBMS synchronization. Also, several distributed
systems features require that the other ACSs included in the distributed system be represented in the
AAA Servers table. For more information about distributed systems features, see About ACS in
Distributed Systems, page 3-2.
After installation, the AAA Servers table automatically lists the machine on which ACS is installed. This
machine is also defined as the default proxy server in the Proxy Distribution table, and appears by default
in the RDBMS table.
Note: In ACS SE, the name of the machine in the AAA Servers table is listed as self; in the Proxy Distribution
and RDBMS tables the appliance hostname is listed.
The Add AAA Server and AAA Server Setup pages include the following options:
AAA Server Name—The name that you assign to the AAA server configuration. The AAA server
hostname that is configured in ACS does not have to match the hostname configured on a network
device. We recommend that you adopt a descriptive, consistent naming convention for AAA server
names. Maximum length for AAA server names is 32 characters.
Note: After you submit the AAA server name, you cannot change it. If you want to use a different
name for the AAA server, delete the AAA server configuration and create the AAA server
configuration by using the new name.
AAA Server IP Address—The IP address of the AAA server, in dotted, four-octet format. For
example, 10.77.234.3.
Key—The shared secret of the AAA server. Maximum length for AAA server keys is 32 characters.
For correct operation, the key must be identical on the remote AAA server and ACS. Keys are case
sensitive. Because shared secrets are not synchronized, you could easily make mistakes when
entering them on remote AAA servers and ACS. If the shared secret does not match, ACS discards
all packets from the remote AAA server.
Network Device Group—The name of the NDG to which this AAA server should belong. To make
the AAA server independent of NDGs, use the Not Assigned selection.
Note: This option does not appear if you have not configured ACS to use NDGs. To enable NDGs,
choose Interface Configuration > Advanced Options. Then, check the Network Device
Groups check box.
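
A pre-deployment check for the name, IP address, and key rules listed above, written as an added example that is not part of the Cisco guide or of ACS. The record field names, the sample entries, and the requirement that names and keys be non-empty are assumptions; the 32-character limits, the dotted four-octet format, and key case sensitivity come from the option descriptions.

```python
import hmac
import ipaddress

MAX_NAME_LEN = 32  # maximum AAA server name length stated in the guide
MAX_KEY_LEN = 32   # maximum AAA server key length stated in the guide

# Constructed sample records; only the address 10.77.234.3 appears in the guide.
SAMPLE = [
    {"name": "acs-hq-01", "ip": "10.77.234.3", "acs_key": "Example-Key-1", "remote_key": "Example-Key-1"},
    {"name": "acs-branch-02", "ip": "10.77.234", "acs_key": "Example-Key-1", "remote_key": "example-key-1"},
]

def check_entry(name, ip, key):
    """Return a list of problems for one AAA server entry (empty list = OK)."""
    problems = []
    if not name or len(name) > MAX_NAME_LEN:
        problems.append("name must be 1-32 characters")
    try:
        ipaddress.IPv4Address(ip)  # for strings, accepts only dotted four-octet form
    except ValueError:
        problems.append("IP address is not in dotted, four-octet format")
    if not key or len(key) > MAX_KEY_LEN:
        problems.append("key must be 1-32 characters")
    return problems

def compare_keys(acs_key, remote_key):
    """Classify how two shared secrets differ without echoing either value."""
    if hmac.compare_digest(acs_key.encode(), remote_key.encode()):
        return "match"
    if acs_key.strip() == remote_key.strip():
        return "mismatch: leading or trailing whitespace"
    if acs_key.lower() == remote_key.lower():
        return "mismatch: differs only in letter case"
    return "mismatch"

def audit(entries):
    """Map each entry name to its list of problems, including key mismatches."""
    report = {}
    for e in entries:
        issues = check_entry(e["name"], e["ip"], e["acs_key"])
        verdict = compare_keys(e["acs_key"], e["remote_key"])
        if verdict != "match":
            issues.append("key " + verdict)
        report[e["name"]] = issues
    return report

if __name__ == "__main__":
    for name, issues in audit(SAMPLE).items():
        print(name, "OK" if not issues else issues)
```

Because a mismatched key makes ACS discard every packet from the remote server, running a comparison like this against your provisioning records before entering the values catches case and whitespace slips without printing the secrets.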