Adding a aaa server – Cisco 3.3 User Manual

Chapter 4 Network Configuration

AAA Server Configuration

4-24

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

–

Cisco Secure ACS—Select this option if the remote AAA server is
another Cisco Secure ACS. This enables you to configure features that
are only available with other Cisco Secure ACSes, such as CiscoSecure
user database replication and remote logging.

Note

The remote Cisco Secure ACS must be using version 2.1 or later.

•

Traffic Type—The Traffic Type list defines the direction in which traffic to
and from the remote AAA server is permitted to flow from this Cisco Secure
ACS. The list includes the following options:

–

Inbound—The remote AAA server accepts requests that have been
forwarded to it and does not forward the requests to another AAA server.
Select this option if you do not want to permit any authentication requests
to be forwarded from the remote AAA server.

–

Outbound—The remote AAA server sends out authentication requests
but does not receive them. If a Proxy Distribution Table entry is
configured to proxy authentication requests to a AAA server that is
configured for Outbound, the authentication request is not sent.

–

Inbound/Outbound—The remote AAA server forwards and accepts
authentication requests. This allows the selected server to handle
authentication requests in any manner defined in the distribution tables.

Adding a AAA Server

Before You Begin

For descriptions of the options available while adding a remote AAA server
configuration, see

AAA Server Configuration Options, page 4-22

.

For Cisco Secure ACS to provide AAA services to a remote AAA server, you
must ensure that gateway devices between the remote AAA server and
Cisco Secure ACS permit communication over the ports that support the
applicable AAA protocol (RADIUS or TACACS+). For information about ports
used by AAA protocols, see

AAA Protocols—TACACS+ and RADIUS, page 1-6

.