Filter
Top Products
1-7
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 1 Overview of Cisco Secure ACS
AAA Server Functions and Concepts
In addition to support for standard IETF RADIUS attributes, Cisco Secure ACS
includes support for RADIUS vendor-specific attributes (VSAs). We have
predefined the following RADIUS VSAs in Cisco Secure ACS:
• Cisco IOS/PIX
• Cisco VPN 3000
• Cisco VPN 5000
• Ascend
• Juniper
• Microsoft
• Nortel
Cisco Secure ACS also supports up to 10 RADIUS VSAs that you define. After
you define a new RADIUS VSA, you can use it as you would one of the RADIUS
VSAs that come predefined in Cisco Secure ACS. In the Network Configuration
section of the Cisco Secure ACS HTML interface, you can configure a AAA
client to use a user-defined RADIUS VSA as its AAA protocol. In Interface
Configuration, you can enable user-level and group-level attributes for
user-defined RADIUS VSAs. In User Setup and Group Setup, you can configure
the values for enabled attributes of a user-defined RADIUS VSA.
For more information about creating user-defined RADIUS VSAs, see the
“User-Defined RADIUS Vendors and VSA Sets” section on page E-27.
Authentication
Authentication determines user identity and verifies the information. Traditional
authentication uses a name and a fixed password. More modern and secure
methods use technologies such as CHAP and one-time passwords (OTPs).
Cisco Secure ACS supports a wide variety of these authentication methods.
There is a fundamental implicit relationship between authentication and
authorization. The more authorization privileges granted to a user, the stronger
the authentication should be. Cisco Secure ACS supports this fundamental
relationship by providing various methods of authentication.