Authentication – Cisco 3.3 User Manual

Page 48

Advertising
background image

Chapter 1 Overview

AAA Server Functions and Concepts

1-8

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

RFC 2868

RFC 2869

The ports used for authentication and accounting have changed in RADIUS RFC
documents. To support both the older and newer RFCs, Cisco Secure ACS accepts
authentication requests on port 1645 and port 1812. For accounting, Cisco Secure
ACS accepts accounting packets on port 1646 and 1813.

In addition to support for standard IETF RADIUS attributes, Cisco Secure ACS
includes support for RADIUS vendor-specific attributes (VSAs). We have
predefined the following RADIUS VSAs in Cisco Secure ACS:

Cisco IOS/PIX

Cisco VPN 3000

Cisco VPN 5000

Ascend

Juniper

Microsoft

Nortel

Cisco Secure ACS also supports up to 10 RADIUS VSAs that you define. After
you define a new RADIUS VSA, you can use it as you would one of the RADIUS
VSAs that come predefined in Cisco Secure ACS. In the Network Configuration
section of the Cisco Secure ACS HTML interface, you can configure a AAA
client to use a user-defined RADIUS VSA as its AAA protocol. In Interface
Configuration, you can enable user-level and group-level attributes for
user-defined RADIUS VSAs. In User Setup and Group Setup, you can configure
the values for enabled attributes of a user-defined RADIUS VSA.

For more information about creating user-defined RADIUS VSAs, see

Custom

RADIUS Vendors and VSAs, page 9-28

.

Authentication

Authentication determines user identity and verifies the information. Traditional
authentication uses a name and a fixed password. More modern and secure
methods use technologies such as CHAP and one-time passwords (OTPs).
Cisco Secure ACS supports a variety of these authentication methods.

Advertising