Cisco 3.3 User Manual

4-23

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 4 Network Configuration

AAA Server Configuration

Note

After you submit the AAA server name, you cannot change it. If you
want to use a different name for a AAA server, delete the AAA server
configuration and create a AAA server configuration using the new
name.

•

AAA Server IP Address—The IP address of the AAA server, in dotted, four
octet format. For example, 10.77.234.3.

•

Key—The shared secret of the AAA server. Maximum length for a AAA
server key is 32 characters.

For correct operation, the key must be identical on the remote AAA server
and Cisco Secure ACS. Keys are case sensitive. Because shared secrets are
not synchronized, it is easy to make mistakes when entering them upon
remote AAA servers and Cisco Secure ACS. If the shared secret does not
match, Cisco Secure ACS discards all packets from the remote AAA server.

•

Network Device Group—The name of the NDG to which this AAA server
should belong. To make the AAA server independent of NDGs, use the Not
Assigned selection.

Note

This option does not appear if you have not configured Cisco Secure
ACS to use NDGs. To enable NDGs, click Interface Configuration,
click Advanced Options, and then select the Network Device
Groups check box.

•

Log Update/Watchdog Packets from this remote AAA Server—Enables
logging of update, or watchdog, packets from AAA clients that are forwarded
by the remote AAA server to this Cisco Secure ACS. Watchdog packets are
interim packets sent periodically during a session. They provide you with an
approximate session length if a AAA client fails and, therefore, no stop
packet is received to mark the end of the session.

•

AAA Server Type—One of the following three types:

–

RADIUS—Select this option if the remote AAA server is configured
using any type of RADIUS protocol.

–

TACACS+—Select this option if the remote AAA server is configured
using the TACACS+ protocol.