Home > Cisco > Control System > Cisco Acs 57 User Guide

Cisco Acs 57 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Acs 57 User Guide. The Cisco manuals for Control System are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 481

    Page 481 1 Cisco Systems, Inc.www.cisco.com Managing System Administration Configurations After you install Cisco Secure ACS, you must configure and administer it to manage your network efficiently. The ACS web interface allows you to easily configure ACS to perform various operations. For a list of post-installation configuration tasks to get started with ACS, see Post-Installation Configuration Tasks, page 1. When you choose System Administration > Configuration, you can access pages that allow you do the... 
    1
Cisco Systems, Inc.www.cisco.com
 
Managing System Administration 
Configurations
After you install Cisco Secure ACS, you must configure and administer it to manage your network efficiently. The ACS 
web interface allows you to easily configure ACS to perform various operations. For a list of post-installation 
configuration tasks to get started with ACS, see Post-Installation Configuration Tasks, page 1.
When you choose System Administration > Configuration, you can access pages that allow you do the...

    Page 482

    Page 482 2 Managing System Administration Configurations Configuring Global System Options Configuring EAP-TLS Settings Use the EAP-TLS Settings page to configure EAP-TLS runtime characteristics. Choose System Administration > Configuration > Global System Options > EAP-TLS Settings. The EAP-TLS Settings page appears as described in Table 2 on page 2: Table 1 TACACS+ Settings Option Description Port to Listen Port number on which to listen. By default, the port number is displayed as 49. ACS 5.7 allows you... 
    2
Managing System Administration Configurations
 
Configuring Global System Options
Configuring EAP-TLS Settings
Use the EAP-TLS Settings page to configure EAP-TLS runtime characteristics. 
Choose System Administration > Configuration > Global System Options > EAP-TLS Settings.
The EAP-TLS Settings page appears as described in Table 2 on page 2:
Table 1 TACACS+ Settings 
Option Description
Port to Listen Port number on which to listen. By default, the port number is displayed as 49. ACS 5.7 allows 
you...

    Page 483

    Page 483 3 Managing System Administration Configurations Configuring Global System Options Configuring PEAP Settings Use the PEAP Settings page to configure PEAP runtime characteristics. Choose System Administration > Configuration > Global System Options > PEAP Settings. The PEAP Settings page appears as described in Table 3 on page 3: Related Topics Generating EAP-FAST PAC, page 4 Configuring HTTP Proxy Settings for CRL Requests ACS 5.7 introduces proxy settings for CRL downloads to proxy requests and... 
    3   
Managing System Administration Configurations
Configuring Global System Options
Configuring PEAP Settings
Use the PEAP Settings page to configure PEAP runtime characteristics. 
Choose System Administration > Configuration > Global System Options > PEAP Settings.
The PEAP Settings page appears as described in Table 3 on page 3:
Related Topics
Generating EAP-FAST PAC, page 4
Configuring HTTP Proxy Settings for CRL Requests
ACS 5.7 introduces proxy settings for CRL downloads to proxy requests and...

    Page 484

    Page 484 4 Managing System Administration Configurations Configuring Global System Options Related Topics Adding a Certificate Authority, page 84 Configuring EAP-FAST Settings Use the EAP-FAST Settings page to configure EAP-FAST runtime characteristics. Select System Administration > Configuration > Global System Options > EAP-FAST > Settings. The EAP-FAST Settings page appears as described in Table 5 on page 4: Generating EAP-FAST PAC Use the EAP-FAST Generate PAC page to generate a user or machine PAC.... 
    4
Managing System Administration Configurations
 
Configuring Global System Options
Related Topics
Adding a Certificate Authority, page 84
Configuring EAP-FAST Settings
Use the EAP-FAST Settings page to configure EAP-FAST runtime characteristics. 
Select System Administration > Configuration > Global System Options > EAP-FAST > Settings.
The EAP-FAST Settings page appears as described in Table 5 on page 4:
Generating EAP-FAST PAC
Use the EAP-FAST Generate PAC page to generate a user or machine PAC....

    Page 485

    Page 485 5 Managing System Administration Configurations Configuring RSA SecurID Prompts 2.Click Generate PAC. Configuring RSA SecurID Prompts You can configure RSA prompts for an ACS deployment. The set of RSA prompts that you configure is used for all RSA realms and ACS instances in a deployment. To configure RSA SecurID Prompts: 1.Choose System Administration > Configuration > Global System Options > RSA SecurID Prompts. The RSA SecurID Prompts page appears. 2.Modify the fields described in Table 7 on page... 
    5   
Managing System Administration Configurations
Configuring RSA SecurID Prompts
2.Click Generate PAC.
Configuring RSA SecurID Prompts
You can configure RSA prompts for an ACS deployment. The set of RSA prompts that you configure is used for all RSA 
realms and ACS instances in a deployment. To configure RSA SecurID Prompts:
1.Choose System Administration > Configuration > Global System Options > RSA SecurID Prompts.
The RSA SecurID Prompts page appears.
2.Modify the fields described in Table 7 on page...

    Page 486

    Page 486 6 Managing System Administration Configurations Managing Dictionaries 3.Click Submit to configure the RSA SecurID Prompts. Managing Dictionaries The following tasks are available when you select System Administration > Configuration > Dictionaries: Viewing RADIUS and TACACS+ Attributes, page 6 Configuring Identity Dictionaries, page 12 Viewing RADIUS and TACACS+ Attributes The RADIUS and TACACS+ Dictionary pages display the available protocol attributes in these dictionaries: RADIUS (IETF) RADIUS... 
    6
Managing System Administration Configurations
 
Managing Dictionaries
3.Click Submit to configure the RSA SecurID Prompts.
Managing Dictionaries
The following tasks are available when you select System Administration > Configuration > Dictionaries:
Viewing RADIUS and TACACS+ Attributes, page 6
Configuring Identity Dictionaries, page 12
Viewing RADIUS and TACACS+ Attributes
The RADIUS and TACACS+ Dictionary pages display the available protocol attributes in these dictionaries:
RADIUS (IETF)
RADIUS...

    Page 487

    Page 487 7 Managing System Administration Configurations Managing Dictionaries Use the arrows to scroll through the attribute list. ACS 5.7 also supports RADIUS vendor-specific attributes (VSAs). A set of predefined RADIUS VSAs are available. You can define additional vendors and attributes from the ACS web interface. You can create, edit, or delete RADIUS VSAs. After you have defined new VSAs, you can use them in policies, authorization profiles, and RADIUS token servers in the same way as predefined... 
    7   
Managing System Administration Configurations
Managing Dictionaries
Use the arrows to scroll through the attribute list.
ACS 5.7 also supports RADIUS vendor-specific attributes (VSAs). A set of predefined RADIUS VSAs are available. 
You can define additional vendors and attributes from the ACS web interface. You can create, edit, or delete RADIUS 
VSAs. 
After you have defined new VSAs, you can use them in policies, authorization profiles, and RADIUS token servers in 
the same way as predefined...

    Page 488

    Page 488 8 Managing System Administration Configurations Managing Dictionaries 3.Click Submit to save the changes. Related Topics Viewing RADIUS and TACACS+ Attributes, page 6 Importing RADIUS Vendors and Vendor-Specific Attributes ACS 5.7 supports importing RADIUS vendors and RADIUS vendor-specific attributes (VSAs). In ACS 5.7, you have the option to import the RADIUS vendors and RADIUS VSAs from a text file. This text file is based on the Free RADIUS format. For more information on the Free RADIUS format,... 
    8
Managing System Administration Configurations
 
Managing Dictionaries
3.Click Submit to save the changes.
Related Topics
Viewing RADIUS and TACACS+ Attributes, page 6
Importing RADIUS Vendors and Vendor-Specific Attributes
ACS 5.7 supports importing RADIUS vendors and RADIUS vendor-specific attributes (VSAs). In ACS 5.7, you have the 
option to import the RADIUS vendors and RADIUS VSAs from a text file. This text file is based on the Free RADIUS format. 
For more information on the Free RADIUS format,...

    Page 489

    Page 489 9 Managing System Administration Configurations Managing Dictionaries Figure 1 Example for RADIUS Vendor and VSAs in Free RADIUS File The # key at the beginning of a line indicates that the line is a comment line. The keyword VENDOR at the beginning of a line indicates that the line has vendors. The keyword ATTRIBUTE at the beginning of a line indicates that the line has VSAs. The value of a VSA should start with the vendor name. For instance, if the vendor name is Cisco, then the attribute value... 
    9   
Managing System Administration Configurations
Managing Dictionaries
Figure 1 Example for RADIUS Vendor and VSAs in Free RADIUS File
The # key at the beginning of a line indicates that the line is a comment line. The keyword VENDOR at the beginning of 
a line indicates that the line has vendors. The keyword ATTRIBUTE at the beginning of a line indicates that the line has 
VSAs. The value of a VSA should start with the vendor name. For instance, if the vendor name is Cisco, then the attribute 
value...

    Page 490

    Page 490 10 Managing System Administration Configurations Managing Dictionaries 3.Click Download Template to download the import file template from the ACS web interface and save it to your client machine. 4.Enter the RADIUS vendors and RADIUS VSAs in the specified format and save them. 5.Click Browse to browse to the location of the Free RADIUS format file that has the RADIUS vendors and RADIUS VSAs and is ready to be imported. 6.Click Start Import to start the import operation. The RADIUS vendors and RADIUS... 
    10
Managing System Administration Configurations
 
Managing Dictionaries
3.Click Download Template to download the import file template from the ACS web interface and save it to your client 
machine.
4.Enter the RADIUS vendors and RADIUS VSAs in the specified format and save them.
5.Click Browse to browse to the location of the Free RADIUS format file that has the RADIUS vendors and RADIUS 
VSAs and is ready to be imported.
6.Click Start Import to start the import operation.
The RADIUS vendors and RADIUS...
    Start reading Cisco Acs 57 User Guide

    Related Manuals for Cisco Acs 57 User Guide

    All Cisco manuals