Filter
Top Products
3-8
User Guide for Cisco Secure Access Control Server
OL-9971-01
Chapter 3 Network Configuration
Configuring AAA Clients
Step 6 If you want to download a file containing the search results in a comma-separated value format, click
Download, and use your browser to save the file to a location and filename of your choice.
Step 7 If you want to search again by using different criteria, repeat Step 3 and Step 4.
Configuring AAA Clients
This guide uses the term “AAA client” comprehensively to signify the device through which or to which
service access is attempted. This is the RADIUS orTACACS+ client device, and may comprise Network
Access Servers (NASs), PIX Firewalls, routers, or any other RADIUS or TACACS+ hardware or
software client.
This section contains the following topics:
• AAA Client Configuration Options, page 3-8
• Adding AAA Clients, page 3-11
• Editing AAA Clients, page 3-12
• Deleting AAA Clients, page 3-14
AAA Client Configuration Options
AAA client configurations enable ACS to interact with the network devices that the configuration
represents. A network device that does not have a corresponding configuration in ACS, or whose
configuration in ACS is incorrect, does not receive AAA services from ACS.
The Add AAA Client and AAA Client Setup pages include:
• AAA Client Hostname—The name that you assign to the AAA client configuration. Each AAA
client configuration can represent multiple network devices; thus, the AAA client hostname
configured in ACS is not required to match the hostname configured on a network device. We
recommend that you adopt a descriptive, consistent naming convention for AAA client hostnames.
Maximum length for AAA client hostnames is 32 characters.
Note After you submit the AAA client hostname, you cannot change it. If you want to use a
different name for AAA clients, delete the AAA client configuration and create a new AAA
client configuration by using the new name.
• AAA Client IP Address—At a minimum, a single IP address of the AAA client or the keyword
dynamic.
If you only use the keyword dynamic, with no IP addresses, the AAA client configuration can only
be used for command authorization for Cisco multi device-management applications, such as
Management Center for Firewalls. ACS only provides AAA services to devices based on IP address;
so it ignores such requests from a device whose AAA client configuration only has the keyword
dynamic in the Client IP Address box.
If you want the AAA client configuration in ACS to represent multiple network devices, you can
specify multiple IP addresses. Separate each IP address by pressing Enter.
In each IP address that you specify, you have three options for each octet in the address: