AAA Server Protocols
When using AAA services, requests can be sent to remote AAA servers for authentication, authorization, and accounting. Cisco supports two main protocols for these
Figure 10.2. AAA services transaction.
Remote Access Dial-in User Service
The Remote Access Dial-in User Service (RADIUS) protocol was originally developed by Livingston Enterprises, Inc., as an access protocol. This protocol provides authentication and accounting services and can be used by just about any size network or vendor. The protocol is a client/server configuration, and the PIX devices are the
Terminal Access Controller Access Control System Plus
Terminal Access Controller Access Control System (TACACS) was originally created by the U.S. government and is an
Supported AAA Servers
The Cisco PIX firewall can support several AAA servers. Most third-party AAA servers support the RADIUS protocol, making installations in multivendor environments very flexible. The following is a list of some supported AAA servers:
Cisco Secure Access Control Server
The Cisco Secure Access Control Server (CSACS) is Cisco's AAA server that supports both the RADIUS and TACACS+ protocols. The software provides centralized AAA services for AAA
Installing CSACS
The CSACS can be installed onto Unix or Microsoft Windows Server. Cisco uses a Web page front-end to configure the system. The following are some of the Windows requirements:
During the installation, the software asks for at least one network access server (NAS) to be set up. A NAS is an AAA client, and in this case it's the PIX firewall (see Figure 10.3). CSACS can support up to 2,000 AAA clients.
Figure 10.3. The CSACS NAS dialog box.
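As an added illustration (not code from this book, the PIX or CSACS), the RADIUS client/server exchange described under Remote Access Dial-in User Service above, between a NAS such as the PIX and the AAA server: the Access-Request carries the user's password hidden with the shared secret, and the NAS checks the server's reply with that same secret. The shared secret, user name and NAS address are constructed sample values.

```python
"""RFC 2865 RADIUS exchange between a NAS (here, the PIX) and a AAA server.
Added illustration, not PIX or CSACS code; secret, user and IP are constructed samples."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4

def attr(atype: int, value: bytes) -> bytes:
    """Type-Length-Value attribute; Length includes the 2-byte header."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def _keystream_xor(secret: bytes, req_auth: bytes, data: bytes, decrypt: bool) -> bytes:
    """Each 16-byte block is XORed with MD5(secret + previous ciphertext block);
    the first block chains to the 16-byte Request Authenticator."""
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block, key = data[i:i + 16], hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, key))
        out, prev = out + result, (block if decrypt else result)
    return out

def hide_password(secret: bytes, req_auth: bytes, password: bytes) -> bytes:
    """NAS side: null-pad to a multiple of 16 bytes, then hide with the shared secret."""
    return _keystream_xor(secret, req_auth, password + b"\x00" * (-len(password) % 16), False)

def reveal_password(secret: bytes, req_auth: bytes, hidden: bytes) -> bytes:
    """Server side: the same shared secret recovers the password; strip the padding."""
    return _keystream_xor(secret, req_auth, hidden, True).rstrip(b"\x00")

def build_access_request(ident, secret, user, password, nas_ip, req_auth=None):
    """NAS -> server. Returns (packet, request_authenticator)."""
    req_auth = os.urandom(16) if req_auth is None else req_auth
    attrs = (attr(USER_NAME, user)
             + attr(USER_PASSWORD, hide_password(secret, req_auth, password))
             + attr(NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs, req_auth

def build_response(code, ident, req_auth, secret, attrs=b""):
    """Server -> NAS. Response Authenticator = MD5(Code|ID|Length|ReqAuth|Attrs|Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def verify_response(packet, req_auth, secret) -> bool:
    """NAS side: a reply forged without the secret, altered in transit, or sent
    for a different request fails this check."""
    header, resp_auth, attrs = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + req_auth + attrs + secret).digest()
    return hmac.compare_digest(resp_auth, expected)
```

Both the password hiding and the Response Authenticator derive from the shared secret with MD5, so the secret configured on the PIX and on the AAA server must match, be strong, and stay confidential for the exchange to mean anything.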