Cisco Acs 57 User Guide

Here you can view all the pages of the Cisco Acs 57 User Guide manual. The Cisco manuals for Control System are available online for free. You can easily download all the documents as PDF.

Page 211

8   
Managing Users and Identity Stores
Managing External Identity Stores
Related Topics
RADIUS Identity Stores, page 75
Creating, Duplicating, and Editing RADIUS Identity Servers, page 78
Configuring Shell Prompts, page 81
Configuring Directory Attributes, page 82
Configuring Advanced Options, page 83
Configuring Shell Prompts
For TACACS+ ASCII authentication, ACS must return the password prompt to the user. RADIUS identity server supports this 
functionality by the password prompt option. ACS can...

Page 212

Configuring Directory Attributes
When a RADIUS identity server responds to a request, RADIUS attributes are returned along with the response. You can make 
use of these RADIUS attributes in policy rules. 
In the Directory Attributes tab, you can specify the RADIUS attributes that you use in policy rule conditions. ACS maintains a 
separate list of these attributes.
1. Modify the fields in the Directory Attributes tab as described in...

Page 213

Configuring Advanced Options, page 83
Configuring Advanced Options
In the Advanced tab, you can do the following:
Define what an access reject from a RADIUS identity server means to you.
Enable identity caching.
Enable passcode caching.
Table 61 on page 83 describes the fields in the Advanced tab of the RADIUS Identity Servers page.
Click Submit to save the RADIUS Identity Server.
Related Topics
RADIUS Identity Stores, page 75...

Page 214

Configuring CA Certificates
You use the CA options to install digital certificates to support EAP-TLS authentication. ACS uses the X.509 v3 digital certificate 
standard. ACS also supports manual certificate acquisition and provides the means for managing a certificate trust list (CTL) 
and certificate revocation lists (CRLs).
Digital certificates do not require the sharing of secrets or stored database credentials. They can be scaled and trusted over 
large...

Page 215

4. Click Submit.
The new certificate is saved. The Trust Certificate List page appears with the new certificate.
Related Topics
User Certificate Authentication, page 6
Overview of EAP-TLS, page 5
Editing a Certificate Authority and Configuring Certificate Revocation Lists
Use this page to edit a trusted CA (Certificate Authority) certificate.
1. Choose Users and Identity Stores > Certificate Authorities.
The Trust Certificate page...

Page 216

Table 63: Edit Certificate Authority Properties Page
Option: Description
Issuer
Friendly Name: The name that is associated with the certificate.
Description: (Optional) A brief description of the CA certificate.
Issued To: Display only. The entity to which the certificate is issued. The name that appears is from the certificate subject.
Issued By: Display only. The certification authority that issued the certificate.
Valid from: Display only. The...

Page 217

3. Click Submit.
The Trust Certificate page appears with the edited certificate.
The administrator has the rights to configure CRL and OCSP verification. If both CRL and OCSP verification are configured at 
the same time, then ACS performs OCSP verification first. If it detects any communication problems with either the primary or 
secondary servers, or if the verification returns the status of a given certificate as unknown, then ACS...

Page 218

This System Failure occurred: Certificate Authority is in use by one of the ACS nodes certificates. Your 
changes have not been saved. Click OK to return to the list page.
To delete or renew a CA certificate that is part of an EAP or management certificate chain, you must first map or unbind 
the EAP or management protocols to another server certificate that is not issued by that CA certificate, and then renew or delete 
it.
To renew or...

Page 219

Related Topics
User Certificate Authentication, page 6
Overview of EAP-TLS, page 5
Configuring Certificate Authentication Profiles
The certificate authentication profile defines the X.509 certificate information to be used for a certificate-based access request. 
You can select an attribute from the certificate to be used as the username. 
You can select a subset of the certificate attributes to populate the...

Page 220

Click Create.
Check the check box next to the certificate authentication profile that you want to duplicate, then click Duplicate. 
Click the certificate authentication profile that you want to modify, or check the check box next to the name and click Edit.
The Certificate Authentication Profile Properties page appears.
3. Complete the fields in the Certificate Authentication Profile Properties page as described in Table 64 on...