Cisco 3.3 User Manual

Page 373


9-45

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 9 System Configuration: Advanced

IP Pools Server

you enable this feature, Cisco Secure ACS dynamically issues IP addresses from
the IP pools you have defined by number or name. You can configure up to 999 IP
pools, for approximately 255,000 users.

If you are using IP pooling and proxy, all accounting packets are proxied so that
the Cisco Secure ACS that is assigning the IP addresses can confirm whether an
IP address is already in use.

Note

IP pool definitions are not replicated by the CiscoSecure Database Replication
feature; however, user and group assignments to IP pools are replicated. By not
replicating IP pool definitions, Cisco Secure ACS avoids inadvertently assigning
an IP address that a replication partner has already assigned to a different
workstation. To support IP pools in a AAA environment that uses replication, you
must manually configure each secondary Cisco Secure ACS to have IP pools with
names identical to the IP pools defined on the primary Cisco Secure ACS.

To use IP pools, the AAA client must have network authorization (in IOS, aaa
authorization network) and accounting (in IOS, aaa accounting) enabled.

Note

To use the IP Pools feature, you must set up your AAA client to perform
authentication and accounting using the same protocol—either TACACS+ or
RADIUS.

For information on assigning a group or user to an IP pool, see Setting IP Address
Assignment Method for a User Group, page 6-28 or Assigning a User to a Client
IP Address, page 7-10.

Allowing Overlapping IP Pools or Forcing Unique Pool Address Ranges

Cisco Secure ACS provides automated detection of overlapping pools.

Note

To use overlapping pools, you must be using RADIUS with VPN, and you cannot
be using Dynamic Host Configuration Protocol (DHCP).
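
The replication note and the overlap detection described above can be checked offline before pools are entered by hand on each server. The following audit script is an added example, not Cisco code and not part of the original guide. The pool names, address ranges and dictionary layout are constructed for illustration and are not an ACS export format.

```python
import ipaddress
from itertools import combinations

# Constructed sample data (hypothetical layout): pool name -> (first, last address)
PRIMARY = {
    "vpn-east": ("10.10.0.1", "10.10.0.254"),
    "vpn-west": ("10.10.1.1", "10.10.1.254"),
    "dialup":   ("10.10.0.200", "10.10.2.50"),  # overlaps both VPN pools
}
SECONDARY = {
    "vpn-east": ("10.20.0.1", "10.20.0.254"),
    "VPN-West": ("10.20.1.1", "10.20.1.254"),   # name is not identical to primary
}

def parse_pools(pools):
    """Convert address strings to integers and reject reversed ranges."""
    parsed = {}
    for name, (first, last) in pools.items():
        lo = int(ipaddress.IPv4Address(first))
        hi = int(ipaddress.IPv4Address(last))
        if lo > hi:
            raise ValueError(f"pool {name!r}: start address is above end address")
        parsed[name] = (lo, hi)
    return parsed

def overlapping_pools(pools):
    """Name pairs on one server whose inclusive ranges share an address."""
    items = sorted(parse_pools(pools).items())
    return [(a, b) for (a, (a_lo, a_hi)), (b, (b_lo, b_hi)) in combinations(items, 2)
            if a_lo <= b_hi and b_lo <= a_hi]

def missing_on_secondary(primary, secondary):
    """Primary pool names with no identically named pool on the secondary.
    Exact string comparison is an assumption about what "identical" means."""
    return sorted(set(primary) - set(secondary))

def cross_server_overlaps(primary, secondary):
    """(primary pool, secondary pool) pairs whose ranges collide across servers,
    the situation the replication note says must not arise."""
    p, s = parse_pools(primary), parse_pools(secondary)
    return sorted((pn, sn) for pn, (p_lo, p_hi) in p.items()
                  for sn, (s_lo, s_hi) in s.items() if p_lo <= s_hi and s_lo <= p_hi)

if __name__ == "__main__":
    print("overlaps on primary:", overlapping_pools(PRIMARY))
    print("missing on secondary:", missing_on_secondary(PRIMARY, SECONDARY))
    print("cross-server collisions:", cross_server_overlaps(PRIMARY, SECONDARY))
```

An overlap reported on a single server is a finding to review rather than an error in itself, since overlapping pools are permitted under the conditions in the note above.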
