Cstacacs and csradius – Cisco 3.3 User Manual


Appendix G Internal Architecture

CSTacacs and CSRadius

G-8

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

If the event is a warning event, it is logged and the administrator is notified.
No further action is taken. CSMon also attempts to fix the cause of the failure
after a sequence of re-tries and individual service restarts.

Customer-Definable Actions—If the predefined actions built into CSMon
do not fix the problem, CSMon can execute an external program or script.

CSTacacs and CSRadius

The CSTacacs and CSRadius services communicate between the CSAuth module
and the access device that is requesting authentication and authorization services.
For CSTacacs and CSRadius to work properly, the system must meet the
following conditions:

CSTacacs and CSRadius services must be configured from CSAdmin.

CSTacacs and CSRadius services must communicate with access devices
such as access servers, routers, switches, and firewalls.

The identical shared secret (key) must be configured both in Cisco Secure
ACS and on the access device.

The access device IP address must be specified in Cisco Secure ACS.

The type of security protocol being used must be specified in Cisco Secure
ACS.

CSTacacs is used to communicate with TACACS+ devices and CSRadius to
communicate with RADIUS devices. Both services can run at the same time.
When only one security protocol is used, only the applicable service needs to be
running; however, the other service will not interfere with normal operation and
does not need to be disabled. For more information about TACACS+ AV pairs, see
Appendix B, “TACACS+ Attribute-Value Pairs”. For more information about
RADIUS AV pairs, see Appendix C, “RADIUS Attributes”.
