Adding an NAS to Cisco Secure ACS
To add an NAS (AAA client) to Cisco Secure ACS, you charge baddest the
Network Configuration button on the larboard ancillary of the Cisco Secure ACS
HTML interface, as apparent in Figure 5.12.
If you are not application Network Device Groups (NDGs), a affection that allows
you to administer a accumulating of AAA audience and servers as a distinct analytic group,
click the Add Entry button beneath the AAA audience table, as apparent in Figure
5.13.
www.syngress.com
Figure 5.12 Cisco Secure ACS Capital Interface Network Configuration
238 Chapter 5 • Authentication, Authorization, and Accounting
NOTE
If you appetite to accredit NDGs, bang the Interface Configuration button
from the capital screen, bang Advanced Options, baddest the Network
Device Groups analysis box, and bang Submit.
If you are application NDGs, you charge to bang the name of the NDG to which
you appetite to accredit the AAA client, as apparent in Figure 5.14.
When the account of AAA applicant tables for the called NDG appears, bang the
Add Entry button beneath the AAA audience table.You should now see the AAA
client window apparent in Figure 5.15. Enter the name and IP abode of the AAA
client in the AAA Applicant Hostname and AAA Applicant IP Abode boxes,
respectively. Enter the aggregate abstruse that the AAA applicant and server will use for
authentication in the Key argument box. If you accept enabled NDGs, baddest the NDG
to which this AAA applicant will accord from the Network Device Accumulation dropdown
list. If you accept not enabled NDGs, this drop-down account will not arise on
the screen. Baddest the affidavit adjustment that you appetite to use for the AAA
client from the Authenticate Application drop-down list. For the PIX firewall, you will
use either TACACS+ (Cisco IOS) or RADIUS (Cisco IOS/PIX).
www.syngress.com
Figure 5.13 The Cisco Secure ACS Network Configuration Window without
NDGs
Authentication, Authorization, and Accounting • Chapter 5 239
www.syngress.com
Figure 5.14 The Cisco Secure ACS Network Configuration Window with NDGs
Figure 5.15 The Cisco Secure ACS AAA Applicant Window
240 Chapter 5 • Authentication, Authorization, and Accounting
After selecting the adapted affidavit method, you can accept to
enable one or added of the options for advice with the AAA audience that
are articular in Table 5.1.
Table 5.1 AAA Applicant Advice Options
Option Description
Single Connect TACACS+ AAA Applicant Enables a distinct affiliation from the
(Record stop in accounting on failure) AAA applicant instead of a abstracted one
for every TACACS+ request.
Log Update/Watchdog Packets from Enables babysitter packets, which are
this AAA Applicant beatific periodically during a affair and
help actuate the approximate
length of a affair back an AAA
client fails and no stop packet is
received.
Log RADIUS Tunneling Packets from Allows RADIUS tunneling accounting
this AAA Applicant packets to be logged.
After selecting any of the adapted advice options, bang the Submit
+ Restart button to apparatus the changes immediately.This best saves the
changes and restarts the Cisco Secure ACS casework so that the new configuration
information is loaded. If you appetite to save the changes but accept them implemented
at some point in the future, artlessly bang the Submit button. In this case,
when you appetite the changes to booty effect, you charge manually restart the services
through the System Configuration | Service Control window.