Cisco Systems OL-9971-01 Network Card User Manual


 
3-3
User Guide for Cisco Secure Access Control Server
OL-9971-01
Chapter 3 Network Configuration
Proxy in Distributed Systems
These types of access control have unique authentication and authorization requirements. With ACS,
system administrators can use a variety of authentication methods that are used with different degrees
of authorization privileges.
Completing the AAA functionality, ACS serves as a central repository for accounting information. Each
user session that ACS grants can be fully accounted for, and its accounting information can be stored in
the server. You can use this accounting information for billing, capacity planning, and security audits.
Note If the fields mentioned in this section do not appear in the ACS web interface, you can enable them by
choosing Interface Configuration > Advanced Options. Then, check the Distributed System Settings
check box.
Default Distributed System Settings
You use the AAA Servers table and the Proxy Distribution Table to establish distributed system settings.
The parameters that are configured within these tables create the foundation so that you can configure
multiple ACSs to work with one another. Each table contains an ACS entry for itself. In the AAA Servers
table, the only AAA server that is initially listed is itself (in ACS SE, the server name is listed as self);
the Proxy Distribution Table lists an initial entry of (Default), which displays how the local ACS is
configured to handle each authentication request locally.
You can configure additional AAA servers in the AAA Servers table. These devices can, therefore,
become visible in the web interface so that they can be configured for other distributed features such as
proxy, ACS internal database replication, remote logging, and RDBMS synchronization. For
information about configuring additional AAA servers, see Adding AAA Servers, page 3-16.
Proxy in Distributed Systems
Proxy is a powerful feature that enables you to use ACS for authentication in a network that uses more
than one AAA server. This section contains the following topics:
The Proxy Feature, page 3-3
Fallback on Failed Connection, page 3-4
Remote Use of Accounting Packets, page 3-5
Other Features Enabled by System Distribution, page 3-6
The Proxy Feature
Using proxy, ACS automatically forwards an authentication request from AAA clients to AAA servers.
After the request has been successfully authenticated, the authorization privileges that you configured
for the user on the remote AAA server are passed back to the original ACS, where the AAA client applies
the user profile information for that session.
Proxy provides a useful service to users, such as business travelers, who dial in to a network device other
than the one they normally use and would otherwise be authenticated by a foreign AAA server. To
configure proxy, you choose Interface Configuration > Advanced Options. Then, check the
Distributed System Settings check box.