Filter
Top Products
1-5
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 1 Overview of Cisco Secure ACS
AAA Server Functions and Concepts
• Authorization, page 1-15
• Accounting, page 1-17
• Administration, page 1-18
Cisco Secure ACS and the AAA Client
A AAA client is software running on a network device that enables the network
device to defer authentication, authorization, and logging (accounting) of user
sessions to a AAA server. AAA clients must be configured to direct all end-user
client access requests to Cisco Secure ACS for authentication of users and
authorization of service requests. Using the TACACS+ or RADIUS protocol, the
AAA client sends authentication requests to Cisco Secure ACS.
Cisco Secure ACS verifies the username and password using the user databases it
is configured to query. Cisco Secure ACS returns a success or failure response to
the AAA client, which permits or denies user access, based on the response it
receives. When the user authenticates successfully, Cisco Secure ACS sends a set
of authorization attributes to the AAA client. The AAA client then begins
forwarding accounting information to Cisco Secure ACS.
When the user has successfully authenticated, a set of session attributes can be
sent to the AAA client to provide additional security and control of privileges,
otherwise known as authorization. These attributes might include the IP address
pool, access control list, or type of connection (for example, IP, IPX, or Telnet).
More recently, networking vendors are expanding the use of the attribute sets
returned to cover an increasingly wider aspect of user session provisioning.
AAA Protocols—TACACS+ and RADIUS
Cisco Secure ACS can use both the TACACS+ and RADIUS AAA protocols.
Table 1-1 on page 1-6 provides a comparison of the two protocols.