Cisco Systems OL-9971-01 Network Card User Manual


 
3-16
User Guide for Cisco Secure Access Control Server
OL-9971-01
Chapter 3 Network Configuration
Configuring AAA Servers
Log Update/Watchdog Packets from this remote AAA Server—Enables logging of update or
watchdog packets from AAA clients that are forwarded by the remote AAA server to this ACS.
Watchdog packets are interim packets that are sent periodically during a session. They provide you
with an approximate session length if the AAA client fails and, therefore, no stop packet is received
to mark the end of the session.
AAA Server Type—One of the following types:
RADIUS—Select this option if the remote AAA server is configured by using any type of
RADIUS protocol.
TACACS+—Select this option if the remote AAA server is configured by using the TACACS+
protocol.
ACS—Select this option if the remote AAA server is another ACS. This action enables you to
configure features that are only available with other ACSs, such as ACS internal database
replication and remote logging.
Traffic Type—The Traffic Type list defines the direction in which traffic to and from the remote
AAA server is permitted to flow from this ACS. The list includes:
Inbound—The remote AAA server accepts requests that have been forwarded to it and does not
forward the requests to another AAA server. Select this option if you do not want to permit any
authentication requests to be forwarded from the remote AAA server.
Outbound—The remote AAA server sends out authentication requests but does not receive
them. If a Proxy Distribution Table entry is configured to proxy authentication requests to the
AAA server that is configured for Outbound, the authentication request is not sent.
Inbound/Outbound—The remote AAA server forwards and accepts authentication requests,
allowing the selected server to handle authentication requests in any manner that is defined in
the distribution tables.
AAA Server RADIUS Authentication Port—Specify the port on which the AAA server accepts
authentication requests. The standard port is 1812, and another commonly used port is 1645. If you
select TACACS+ in the AAA Server Type field, this RADIUS Authentication Port field is dimmed.
AAA Server RADIUS Accounting Port—Specify the port on which the AAA server accepts
accounting information. The standard port is 1813, and another commonly used port is 1646. If you
select TACACS+ in the AAA Server Type field, this RADIUS Accounting Port field is dimmed.
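The following is an added example, not part of the Cisco guide and not an ACS tool or export format. It models the Traffic Type rules and the RADIUS port values described above, and reviews a constructed configuration for proxy entries whose requests would not be sent and for RADIUS ports other than the ones this page lists. The record layout, server names, and proxy entries are assumptions made for illustration.

```python
from dataclasses import dataclass

# Port values quoted on this page: standard port first, "commonly used" second.
RADIUS_AUTH_PORTS = (1812, 1645)
RADIUS_ACCT_PORTS = (1813, 1646)

@dataclass
class AAAServer:               # hypothetical record, not an ACS export format
    name: str
    server_type: str           # "RADIUS", "TACACS+" or "ACS"
    traffic_type: str          # "Inbound", "Outbound" or "Inbound/Outbound"
    auth_port: int = 1812
    acct_port: int = 1813

def can_proxy_to(s):
    """True if this ACS may forward authentication requests to the remote server."""
    return s.traffic_type in ("Inbound", "Inbound/Outbound")

def accepts_from(s):
    """True if the remote server may forward authentication requests to this ACS."""
    return s.traffic_type in ("Outbound", "Inbound/Outbound")

def audit(servers, proxy_entries):
    """Return (subject, finding) pairs for the given configuration."""
    by_name = {s.name: s for s in servers}
    findings = []
    for pattern, target in proxy_entries:
        srv = by_name.get(target)
        if srv is None:
            findings.append((pattern, f"proxy target {target} is not a defined AAA server"))
        elif not can_proxy_to(srv):
            findings.append((pattern, f"{target} is Outbound; requests are not sent"))
    for s in servers:
        if s.server_type == "TACACS+":
            continue           # the RADIUS port fields are dimmed for TACACS+
        if s.auth_port not in RADIUS_AUTH_PORTS:
            findings.append((s.name, f"auth port {s.auth_port} is not 1812 or 1645"))
        if s.acct_port not in RADIUS_ACCT_PORTS:
            findings.append((s.name, f"accounting port {s.acct_port} is not 1813 or 1646"))
    return findings

# Constructed sample data (all names and values are made up for this example).
SERVERS = [
    AAAServer("acs-west", "ACS", "Inbound/Outbound"),
    AAAServer("rad-branch", "RADIUS", "Outbound", 1645, 1646),
    AAAServer("rad-lab", "RADIUS", "Inbound", 18120, 1813),
    AAAServer("tac-core", "TACACS+", "Inbound", 0, 0),
]
PROXY_ENTRIES = [("@west.example", "acs-west"), ("@branch.example", "rad-branch"),
                 ("@old.example", "rad-gone")]
```

Calling audit(SERVERS, PROXY_ENTRIES) returns three findings for the sample data. A port finding is a prompt to confirm the value and the matching gateway rule, not necessarily an error.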
Adding AAA Servers
Before You Begin
For descriptions of the options that are available while adding a remote AAA server configuration, see
AAA Server Configuration Options, page 3-15.
For ACS to provide AAA services to a remote AAA server, you must ensure that gateway devices
between the remote AAA server and ACS permit communication over the ports that support the
applicable AAA protocol (RADIUS or TACACS+). For information about ports that AAA protocols use,
see AAA Protocols—TACACS+ and RADIUS, page 1-3.
To add and configure AAA servers:
Step 1 In the navigation bar, click Network Configuration.
The Network Configuration page opens.