Checking the Cisco Secure ACS
After you verify your settings on the Cisco Security Appliance, you should double-check the
settings on the Cisco Secure ACS to ensure that they match the Security Appliance. You also
can use the extensive logging information available in the Cisco Secure ACS Reports and
Activity window. You can find a list of troubleshooting information for the Cisco Secure ACS
in the Cisco Secure ACS online documentation. Simply enter Troubleshooting Information
for Cisco Secure ACS in the Search box at Cisco.com to find this documentation.

■ Verify connectivity between the Security Appliance and the Cisco Secure ACS.
■ Verify the configuration of the Security Appliance.
■ Verify the configuration of the Cisco Secure ACS.

Table 18-2 outlines the commands and syntax necessary to configure the Security Appliance as a NAS.

Table 18-2 Commands to Configure the Security Appliance as a NAS

Command
    Description

aaa authentication include | exclude authen-service if-name local-ip local-mask foreign-ip foreign-mask group-tag
    Implements AAA authentication to include or exclude a specific service that is inbound or outbound in a specific interface for a specific source and destination address assigned to a specific AAA server group as assigned by the group tag.

aaa authentication match acl-name if-name server-tag
    Matches the requirement for AAA authentication with a specific ACL.

show aaa
    Displays your AAA configuration.

debug aaa authentication
    Displays the authentication communication between the NAS and the AAA server.

aaa authorization include | exclude author-service if-name local-ip local-mask foreign-ip foreign-mask server-tag
    Implements AAA authorization to include or exclude a specific service that is inbound or outbound in a specific interface for a specific source and destination address assigned to a specific AAA server group as assigned by the group tag.

aaa authorization match acl-name inbound | outbound if-name group-tag
    Matches the requirement for AAA authorization with a specific ACL.

debug aaa authorization
    Displays the authorization communication between the NAS and the AAA server.

aaa accounting include | exclude author-service if-name local-ip local-mask foreign-ip foreign-mask server-tag
    Implements AAA accounting to include or exclude a specific service that is inbound or outbound in a specific interface for a specific source and destination address assigned to a specific AAA server group as assigned by the group tag.

aaa accounting match acl-name if-name server-tag
    Matches the requirement for AAA accounting with a specific ACL.

show aaa accounting
    Steps through individual recorded logs.

debug aaa accounting
    Displays the accounting communication between the NAS and the AAA server.

Table 18-3 Commands to Display Communication Between the Security Appliance and the AAA Server

Command
    Description

debug tacacs
    Debugs TACACS communications between the Security Appliance and the AAA server.

debug radius
    Debugs RADIUS communications between the Security Appliance and the AAA server.
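
As a review aid for the "verify the configuration of the Security Appliance" step, the following added example (not from the original text or from Cisco) parses aaa lines in the match and include forms of Table 18-2 and lists what to compare against the Cisco Secure ACS. It assumes that authorization and accounting rules are meant to accompany an authentication rule for the same traffic, and that differing server tags on one rule set deserve a second look; the sample configuration is constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the page); all names are made up.
SAMPLE_CONFIG = """\
aaa authentication match WEB_IN outside ACS_TACACS
aaa authorization match WEB_IN outside ACS_TACACS
aaa accounting match WEB_IN outside ACS_RADIUS
aaa authorization match FTP_IN outside ACS_TACACS
aaa authentication include http inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 ACS_TACACS
"""

# "match" form; the inbound | outbound keyword is optional, as in Table 18-2.
MATCH_RE = re.compile(
    r"^aaa (authentication|authorization|accounting) match (\S+) "
    r"(?:(?:inbound|outbound) )?(\S+) (\S+)$")
# "include" form: service, interface, four address/mask fields, server tag.
# "exclude" lines are carve-outs and are deliberately skipped here.
INCLUDE_RE = re.compile(
    r"^aaa (authentication|authorization|accounting) include "
    r"(\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+)$")

def parse_aaa_rules(config_text):
    """Return {(selector, interface): {function: server_tag}}."""
    rules = defaultdict(dict)
    for line in config_text.splitlines():
        m = MATCH_RE.match(line.strip())
        if m:
            function, acl, if_name, tag = m.groups()
            rules[("acl " + acl, if_name)][function] = tag
            continue
        m = INCLUDE_RE.match(line.strip())
        if m:
            function, service, if_name, *addrs, tag = m.groups()
            rules[(service + " " + " ".join(addrs), if_name)][function] = tag
    return dict(rules)

def audit(config_text):
    """List findings to check against the AAA server configuration."""
    findings = []
    for (selector, if_name), funcs in sorted(parse_aaa_rules(config_text).items()):
        where = f"{selector} on {if_name}"
        tags = sorted(set(funcs.values()))
        if "authentication" not in funcs:
            findings.append(f"{where}: {'/'.join(sorted(funcs))} without authentication")
        if len(tags) > 1:
            findings.append(f"{where}: mixed server tags {', '.join(tags)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Each finding names the ACL or service and the interface, so the matching server group and NAS entry can be looked up on the Cisco Secure ACS.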