Support User Manuals

Cisco Systems Servers Server User Manual

Open as PDF

of 654

4-7

Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide

78-13751-01, Version 3.0

Chapter 4 Setting Up and Managing Network Configuration

Proxy in Distributed Systems

AAA server. However, Mary occasionally travels to a division within the

corporation in New York, where she still needs to access the corporate network to

get her e-mail and other files. When Mary is in New York, she dials in to the New

York office and logs in as mary@corporate.com. Her username is not recognized

by the New York Cisco Secure ACS, but the Proxy Distribution Table contains an

entry, “la”, to forward the authentication request to the Los Angeles

Cisco Secure ACS. Because Mary’s username and password information reside

on that AAA server, when she authenticates correctly, the authorization

parameters assigned to her are applied by the AAA client in the New York office.

Remote Use of Accounting Packets

When proxy is employed, Cisco Secure ACS can dispatch AAA accounting

packets in one of three ways:

• Log them locally

• Forward them to the destination AAA server

• Log them locally and forward copies to the destination AAA server

Sending accounting packets to the remote Cisco Secure ACS offers several

benefits. When Cisco Secure ACS is configured to send accounting packets to the

remote AAA server, the remote AAA server logs an entry in the accounting report

for that session on the destination server. Cisco Secure ACS also caches the user’s

connection information and adds an entry in the List Logged on Users report. You

can then view the information for users that are currently connected. Because the

accounting information is being sent to the remote AAA server, even if the

connection fails, you can view the Failed Attempts report to troubleshoot the

failed connection.

Sending the accounting information to the remote AAA server also enables you

to use the Max Sessions feature. The Max Sessions feature uses the Start and Stop

records in the accounting packet. If the remote AAA server is a Cisco Secure ACS

and the Max Sessions feature is implemented, you can track the number of

sessions allowed for each user or group.

You can also choose to have Voice over IP (VoIP) accounting information logged

remotely, either appended to the RADIUS Accounting log, in a separate VoIP

Accounting log, or both.

previous next