Table of Contents | Cisco Access Control Security: AAA Administration Services

Cisco Access Control Security: AAA Administrative Services
By Brandon Carroll
...............................................
Publisher: Cisco Press
Pub Date: May 27, 2004
ISBN: 1-58705-124-9
Pages: 456

Table of Contents | Index

About the Author

About the Technical Reviewers

Acknowledgments

Icons Used in This Book

Introduction

How This Book Is Organized

Target Audience

Features of this Book

Troubleshooting

Part I. AAA Overview

Chapter 1. Authentication, Authorization, and Accounting Overview

Authentication Overview

Authentication Example

Authorization Overview

Authorization Example

Accounting Overview

Accounting Example

Cisco Device Support for AAA

Summary

End Notes

Chapter 2. TACACS+ and RADIUS

A Brief Overview of TACACS+

A Brief Overview of RADIUS

TACACS+ in Detail

RADIUS in Detail

Summary

End Notes

Chapter 3. Authentication Configuration on Cisco Routers

Local Authentication

Authentication Configurations Using Cisco Secure ACS for Windows Server and Cisco Secure ACS Solution Engine

Debugging Authentication

Authentication Command References

Summary

Part II. Enterprise AAA and Cisco Secure Access Control Server

Chapter 4. Enterprise Authentication Servers

Cisco Secure Access Control Server Software and Versions

Cisco Secure Solution Engine

Summary

Chapter 5. Deploying Cisco Secure Access Control Server for Windows Server

What Is ACS?

How to Obtain ACS

Requirements to Run ACS Version 3.2

Installing ACS

Reinstalling ACS and Using an Existing ACS Database

Positioning ACS in Your Network

Summary

Chapter 6. Getting Familiar with CSACS

Navigating the HTML Interface

Starting Point for Configuring Your Server

Configuring Your Interface

Preparing to Add Users

Summary

Chapter 7. Configuring User Accounts

Adding Users to the Database

User Changeable Passwords

Authenticating Users to a Windows NT/2000 Database

Advanced Configurations

Summary

End Notes

Chapter 8. Configuring User Groups

Group-Level Configuration of ACS

PPP Callback Configuration

Configuring Network Access Restrictions

Max Sessions, Usage Quotas, and Password Aging Rules

IP Assignment and Downloadable ACLs

Using TACACS+ for Group Configuration

Summary

End Notes

Chapter 9. Managing Network Configurations

Configuring a Distributed System

Configuring Network Device Groups

Configuring Proxy Distribution Tables

Using Remote Accounting

Using Network Device Searches

Creating a Complete Distributed Network

Client Configuration

Troubleshooting Network Configurations

Summary

Chapter 10. Configuring Shared Profile Components

Downloadable ACLs

Network Access Restrictions

Configuring Network Access Restrictions

Command Authorization Sets

Troubleshooting Extended Configurations

Common Issues of Network Access Restrictions

And Do Not Forget the Importance of Documentation

Summary

Chapter 11. System Configuration

How Users Interact with Your External Database Configuration

External Database Configuration

Database Group Mappings

Unknown User Policy

Database Replication

Synchronization of ACS Devices

Summary

End Notes

Chapter 12. Reports and Logging for Windows Server

ACS Reports

Logging Attributes in ACS Reports

ACS Reports

Remote Logging with ACS

Additional Logs Maintained by ACS

Summary

Chapter 13. Exploring TACACS+ Attribute Values

TACACS+ AV Pairs Overview

Attributes of TACACS+ AV Pairs

AV Pair Example PPP Network

Understanding TACACS+ AV Pairs in the ACS Interface

Summary

Part III. Service Provider AAA and the Cisco Access Registrar

Chapter 14. Service Provider AAA and the Cisco CNS Access Registrar

Service Provider (SP) Model

Service Provider Challenge

Value Added Services

Cisco CNS Access Registrar

Options of AR

AR's Architecture

Installation Requirements for AR on Solaris 8

Installing AR

AR's Subdirectories

Configuring Cisco CNS AR

Summary

End Notes

Chapter 15. Configuring the Cisco Access Registrar

Using aregcmd to Configure AR

AR's Server Object Hierarchy

Configuring the ACE ISP as a Basic Site

Configuring AR's Administrators

Configuring the RADIUS Server

Validating and Saving Your Changes to AR

Testing Your Configuration

Troubleshooting Your Configuration with trace

Summary

End Notes

Part IV. Appendix

Appendix A. RADIUS Attribute Tables

3000 Series Concentrator VSAs

Cisco VPN 5000 Concentrator RADIUS VSAs

Cisco Building Broadband Service Manager Dictionary of RADIUS VSA

IETF Dictionary of RADIUS Attribute Value Pairs

Microsoft Radius VSAs

Ascend RADIUS

Nortel RADIUS

Juniper RADIUS

Index