Cisco ACS 5.7 User Guide
Page 201
7 Managing Users and Identity Stores Managing External Identity Stores ACS 5.7 stores users with passcode in a cache. User and passcode are entered into the cache after successful authentication with the RSA SecurID server. Upon authentication with the RSA SecurID server, ACS tries first to search for the authenticating user and passcode in the cache. If not found, ACS authenticates with the RSA SecurID server. The passcode cache in ACS is available for a configurable amount of time from 1 to 300...
Page 202
The RSA SecurID Token Server page appears with the configured servers.
Related Topics: RSA SecurID Server, page 69; Configuring ACS Instance Settings, page 72; Configuring Advanced Options, page 74
Configuring ACS Instance Settings
The ACS Instance Settings tab appears with the current list of ACS instances that are active in the system. You cannot add or delete these entries. However, you can edit the available RSA Realm settings...
Page 203
Enable the RSA Options File
You can enable the RSA options file (sdopts.rec) on each ACS instance to control routing priorities for connections between the RSA agent and the RSA servers in the realm. Table 57 on page 73 describes the fields in the RSA Options File tab.
Do one of the following:
Click OK to save the configuration.
Click the Reset Agent Files tab to reset the secret key information or the status of active and...
Page 204
2. Click OK.
Related Topics: RSA SecurID Server, page 69; Creating and Editing RSA SecurID Token Servers, page 71; Configuring ACS Instance Settings, page 72; Editing ACS Instance Settings, page 72; Configuring Advanced Options, page 74
Configuring Advanced Options
Use this page to do the following:
Define what an access reject from an RSA SecurID token server means to you.
Enable identity caching—Caching users in RSA is similar to...
Page 205
Related Topics: RSA SecurID Server, page 69; Creating and Editing RSA SecurID Token Servers, page 71; Configuring ACS Instance Settings, page 72; Editing ACS Instance Settings, page 72; Configuring Advanced Options, page 74
RADIUS Identity Stores
RADIUS server is a third-party server that supports the RADIUS interface. RADIUS identity store, which is part of ACS, connects to the RADIUS server. RADIUS servers are servers that come...
Page 206
EAP-FAST with inner EAP-GTC
Failover
ACS 5.7 allows you to configure multiple RADIUS identity stores. Each RADIUS identity store can have primary and secondary RADIUS servers. When ACS is unable to connect to the primary server, it uses the secondary server.
Password Prompt
RADIUS identity stores allow you to configure the password prompt. You can configure the password prompt through the ACS web interface.
User Group Mapping
To...
Page 207
RADIUS servers return an Access-Reject message for all error cases. For example, when a user is not found in the RADIUS server, instead of returning a User Unknown status, the RADIUS server returns an Access-Reject message. You can, however, enable the Treat Rejects as Authentication Failure or User Not Found option available in the RADIUS identity store pages of the ACS web interface.
Authentication Failure Messages
When a user...
Page 208
PEAP session resume—Happens after successful authentication during EAP session establishment
EAP/FAST fast reconnect—Happens after successful authentication during EAP session establishment
T+ Authorization—Happens after successful T+ Authentication
ACS caches the results of successful authentications to process user lookup requests for these features. For every successful authentication, the name of the authenticated user and...
Page 209
3. Complete the fields in the General tab. See Configuring General Settings, page 79 for a description of the fields in the General tab.
4. You can:
Click Submit to save the RADIUS Identity Server.
Click the Shell Prompts tab. See Configuring Shell Prompts, page 81 for a description of the fields in the Shell Prompts tab.
Click the Directory Attributes tab. See Configuring Directory Attributes, page 82 for a description of...
Page 210
Table 59 RADIUS Identity Server - General Tab
Option: Description
Name: Name of the external RADIUS identity server.
Description: (Optional) A brief description of the RADIUS identity server.
SafeWord Server: Check this check box to enable a two-factor authentication using a SafeWord server.
Server Connection
Enable Secondary Server: Check this check box to use a secondary RADIUS identity server as a backup server in case the primary...