Cisco Systems CSACS3415K9 Manual de usuario Pagina 606
- Pagina / 678
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
A-12
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Appendix A AAA Protocols
Overview of RADIUS
When the RADIUS server receives the access-request from the NAD, it searches a database for the
username. Depending on the result of the database query, an accept or reject is sent. A text message can
accompany the access-reject message to indicate the reason for the refusal.
In RADIUS, authentication and authorization are coupled. If the RADIUS server finds the username and
the password is correct, the RADIUS server returns an access-accept response, including a list of
attribute-value pairs that describe the parameters to use for this session. This list of parameters sets the
authorization rights for the user.
Typical parameters include:
• Service type
• Protocol type
• IP address to assign the user (static or dynamic)
• Access list to apply
• A static route to install in the NAD routing table
The configuration information in the RADIUS server defines which parameters to set on the NAD during
installation.
- Control System 5.4 1
- CONTENTS 3
- Contents 10
- OL-26225-01 10
- 12 Managing Alarms 12-1 12
- 13 Managing Reports 13-1 13
- 19 Understanding Logging 19-1 19
- A AAA Protocols A-1 19
- Notices C-1 22
- OpenSSL/Open SSL Project C-1 22
- License Issues C-1 22
- Audience 23
- Document Conventions 23
- Documentation Updates 24
- Related Documentation 24
- Table 2 Product Documentation 25
- Introducing ACS 5.4 27
- ACS Distributed Deployment 28
- ACS Licensing Model 29
- ACS Management Interfaces 29
- ACS Web-based Interface 30
- ACS Command Line Interface 30
- ACS Programmatic Interfaces 31
- Migration Requirements 34
- Supported Migration Versions 34
- Downloading Migration Files 35
- Common Scenarios in Migration 39
- ACS 5.x Policy Model 43
- Policy Terminology 45
- Simple Policies 46
- Rule-Based Policies 46
- Types of Policies 47
- Access Services 48
- Access Service Templates 49
- Access Services 50
- Identity Policy 51
- Failure Options 52
- Group Mapping Policy 53
- Service Selection Policy 54
- Rules-Based Service Selection 55
- First-Match Rule Tables 56
- Policy Conditions 58
- Policy Results 58
- Prerequisites 61
- Policy Terminology, page 3-3 63
- Policy Conditions, page 3-16 63
- Policy Results, page 3-16 63
- Common Scenarios Using ACS 65
- Session Administration 67
- Command Authorization 68
- Password-Based Network Access 69
- Using Certificates in ACS 74
- Agentless Network Access 76
- Host Lookup 77
- PAP/EAP-MD5 Authentication 79
- Agentless Network Access Flow 80
- Previous Step: 81
- Next Step: 81
- Agentless Network Access 82
- VPN Remote Network Access 84
- Supported Identity Stores 85
- Supported VPN Clients 86
- Creating Security Groups 88
- Creating SGACLs 89
- Configuring an NDAC Policy 89
- Creating an Egress Policy 91
- Creating a Default Policy 92
- Supported Protocols 94
- Supported RADIUS Attributes 95
- TACACS+ Body Encryption 95
- Connection to TACACS+ Server 95
- Configuring Proxy Service 96
- Understanding My Workspace 97
- Task Guides 98
- My Account Page 98
- Login Banner 99
- Using the Web Interface 99
- Accessing the Web Interface 100
- Logging Out 101
- Web Interface Design 102
- Navigation Pane 103
- Content Area 104
- List Pages 105
- Web Interface Location 105
- Using the Web Interface 107
- Filtering 108
- Secondary Windows 109
- Transfer Boxes 110
- Figure 5-10 Transfer Box 111
- Rule Table Pages 112
- Supported ACS Objects 114
- Object Type: User 115
- Object Type: Hosts 115
- Object Type: Network Device 115
- Object Type: Identity Group 116
- Object Type: NDG 116
- Object Type: Command Set 116
- Creating Import Files 117
- Creating the Import File 118
- Common Errors 121
- Deletion Errors 122
- Accessibility 123
- Keyboard and Mouse Features 124
- • To configure access 128
- • To configure compound 128
- • To configure schedules: 129
- • To create threshold alarms: 129
- Managing Network Resources 131
- Network Device Groups 132
- Related Topics 133
- Related Topics: 137
- IP Address 144
- Deleting Network Devices 147
- Working with OCSP Services 151
- Working with OCSP Services 152
- Deleting OCSP Servers 154
- Overview 155
- External Identity Stores 156
- Identity Groups 157
- Identity Sequences 158
- Authentication Information 159
- Managing Identity Attributes 161
- Standard Attributes 162
- User Attributes 162
- Host Attributes 163
- Creating Internal Users 165
- Deleting Internal Hosts 172
- Management Hierarchy 173
- LDAP Overview 176
- Directory Service 177
- Authentication Using LDAP 177
- Multiple LDAP Instances 177
- Failover 178
- LDAP Connection Management 178
- Attributes Retrieval 179
- Certificate Retrieval 180
- Related Topic 181
- Secondary Server 182
- • Username 185
- • Distinguished name 185
- Directory Structure 185
- Configuring LDAP Groups 187
- Viewing LDAP Attributes 188
- Microsoft AD 195
- Machine Authentication 197
- • The user account disabled 198
- • The user locked out 198
- Machine Access Restrictions 199
- MAR Cache Distribution Groups 200
- Dial-In Permissions 201
- Dial-In Support Attributes 202
- Joining ACS to an AD Domain 203
- Selecting an AD Group 207
- Configuring AD Attributes 208
- RSA SecurID Server 211
- Editing ACS Instance Settings 215
- Configuring Advanced Options 216
- RADIUS Identity Stores 217
- Password Prompt 218
- User Group Mapping 218
- Groups and Attributes Mapping 218
- User Attribute Cache 220
- Configuring General Settings 221
- Configuring Shell Prompts 223
- Configuring CA Certificates 225
- 12515 EAP-TLS failed SSL/TLS 227
- Supported Name Constraints: 230
- Unsupported Name Constraints: 230
- Authentication Sequence 231
- Attribute Retrieval Sequence 232
- Internal User/Host 233
- Managing Policy Elements 237
- Managing Policy Conditions 238
- Deleting a Session Condition 242
- Managing Network Conditions 242
- Importing Network Conditions 244
- Exporting Network Conditions 245
- Defining Common Tasks 262
- Defining Custom Attributes 265
- Managing Access Policies 271
- Policy Creation Flow 272
- Customizing a Policy 274
- Service Selection Policy Page 276
- Before You Begin 278
- Displaying Hit Counts 280
- Configuring Access Services 281
- Configuring Access Services 282
- Deleting an Access Service 291
- Viewing Identity Policies 292
- Creating Policy Rules 308
- Duplicating a Rule 309
- Editing Policy Rules 309
- Deleting Policy Rules 310
- Types of Compound Conditions 312
- Egress Policy Matrix Page 316
- NDAC Policy Page 318
- NDAC Policy Properties Page 319
- Maximum User Sessions 321
- Max Session User Settings 322
- Max Session Group Settings 322
- Max Session Global Setting 323
- Purging User Sessions 324
- Related topics 325
- Dashboard Pages 328
- Dashboard Pages 329
- Working with Portlets 330
- Working with Portlets 331
- Adding Tabs to the Dashboard 332
- Adding Applications to Tabs 333
- Changing the Dashboard Layout 334
- Managing Alarms 335
- Evaluating Alarm Thresholds 336
- Notifying Users of Events 337
- Incremental Backup 339
- Understanding Alarm Schedules 343
- Deleting Alarm Schedules 345
- Passed Authentications 348
- Failed Authentications 350
- Authentication Inactivity 352
- TACACS Command Accounting 353
- TACACS Command Authorization 354
- ACS Configuration Changes 355
- ACS System Diagnostics 356
- ACS Process Status 357
- ACS System Health 358
- ACS AAA Health 359
- RADIUS Sessions 360
- Unknown NAD 361
- External DB Unavailable 362
- RBACL Drops 363
- NAD-Reported AAA Downtime 365
- Deleting Alarm Thresholds 367
- Deleting Alarm Syslog Targets 370
- Managing Reports 371
- Working with Favorite Reports 373
- Editing Favorite Reports 375
- Running Favorite Reports 375
- Sharing Reports 376
- Working with Catalog Reports 377
- Access Service 378
- ACS Instance 378
- Endpoint 379
- Failure Reason 379
- Network Device 379
- Security Group Access 380
- Session Directory 380
- Running Catalog Reports 381
- Deleting Catalog Reports 382
- Running Named Reports 383
- Customizing Reports 389
- Viewing Reports 390
- About Standard Viewer 391
- About Interactive Viewer 391
- Navigating Reports 392
- Table of contents 393
- Exporting Report Data 394
- Viewing Reports 395
- Printing Reports 396
- Editing Labels 397
- Formatting Labels 398
- Formatting Data 398
- Resizing Columns 399
- Formatting Data in Columns 399
- Formatting Data Types 400
- Formatting Numeric Data 401
- Formatting String Data 403
- Formatting Custom String Data 403
- 415-555-2121 404
- Formatting Date and Time 405
- Formatting Boolean Data 406
- Applying Conditional Formats 407
- Organizing Report Data 411
- Organizing Report Data 412
- Removing Columns 414
- Hiding Columns 415
- Displaying Hidden Columns 415
- Merging Columns 415
- Figure 13-29 Separate Columns 416
- Figure 13-30 Merged Column 416
- Sorting Data 417
- Sorting a Single Column 417
- Sorting Multiple Columns 417
- Grouping Data 419
- Adding Groups 420
- Removing an Inner Group 421
- Creating Report Calculations 422
- Working with Aggregate Data 433
- Deleting Aggregate Rows 437
- Displaying Repeated Values 438
- Working with Filters 439
- Types of Filter Conditions 440
- Setting Filter Values 441
- Creating Filters 442
- Understanding Charts 446
- Modifying Charts 447
- Changing Chart Subtype 448
- Changing Chart Formatting 448
- Understanding Charts 449
- Report Viewer 451
- Expert Troubleshooter 452
- Performing Connectivity Tests 453
- Restoring Data from a Backup 475
- Viewing Log Collections 476
- Log Collection Details Page 478
- Recovering Log Messages 480
- Viewing Scheduled Jobs 480
- Viewing Scheduled Jobs 481
- Viewing Process Status 482
- Viewing Data Upgrade Status 483
- Viewing Failure Reasons 483
- Editing Failure Reasons 483
- Specifying E-Mail Settings 484
- Configuring SNMP Preferences 484
- Deleting Collection Filters 486
- Understanding Roles 491
- Permissions 492
- Predefined Roles 493
- Changing Role Associations 494
- Accounts 495
- Viewing Predefined Roles 497
- Viewing Role Properties 498
- Administrator Identity Policy 503
- Administrator Login Process 509
- Configuring System Operations 513
- Activating Secondary Servers 515
- Removing Secondary Servers 516
- Promoting a Secondary Server 516
- Understanding Local Mode 516
- Scheduled Backups 518
- Editing Instances 521
- Editing Instances 522
- Instance Data 523
- Deleting a Secondary Instance 525
- Management Page 529
- Operations Page 529
- Instance 535
- Configuring TACACS+ Settings 539
- Configuring EAP-TLS Settings 540
- Configuring PEAP Settings 541
- Configuring EAP-FAST Settings 541
- Generating EAP-FAST PAC 542
- Managing Dictionaries 543
- Managing Dictionaries 544
- Deleting Certificates 557
- Exporting Certificates 558
- Configuring Logs 559
- Configuring Logs 560
- Deleting a Remote Log Target 561
- Configuring the Local Log 562
- Deleting Local Log Data 562
- Viewing ADE-OS Logs 566
- Configure Logged Attributes 569
- Displaying Logging Categories 570
- Configuring the Log Collector 571
- Licensing Overview 572
- Installing a License File 573
- Viewing the Base License 574
- Available Downloads 578
- Available Downloads 579
- Downloading Rest Services 580
- Understanding Logging 581
- Using Log Targets 582
- Logging Categories 582
- About Logging 583
- Log Message Severity Levels 584
- Local Store Target 585
- Critical Log Target 587
- Remote Syslog Server Target 588
- CSCOacs string 589
- Viewing Log Messages 590
- Debug Logs 591
- :\Program Files\CiscoSecu 592
- AAA Protocols 595
- Appendix A AAA Protocols 596
- Typical Use Cases 596
- Network device 597
- ACS Runtime 597
- Identity 597
- Overview of TACACS+ 599
- Overview of RADIUS 600
- ACS 5.4 as the AAA Server 601
- Overview of RADIUS 602
- Authentication 603
- Authorization 603
- Accounting 603
- Add Attribute 604
- Update Attribute 604
- RADIUS Access Requests 605
- • Service type 606
- • Protocol type 606
- • Access list to apply 606
- Authentication in ACS 5.4 607
- RADIUS PAP Authentication 609
- Overview of EAP-MD5 611
- EAP- MD5 Flow in ACS 5.4 611
- Overview of EAP-TLS 612
- PKI Authentication 613
- PKI Credentials 614
- Acquiring Local Certificates 615
- Certificate Generation 616
- Exporting Credentials 617
- Credentials Distribution 618
- EAP-TLS Flow in ACS 5.4 619
- PEAPv0/1 620
- Overview of PEAP 621
- Fast Reconnect 622
- Session Resume 622
- PEAP Flow in ACS 5.4 623
- Creating the TLS Tunnel 624
- EAP-FAST 625
- EAP-FAST 626
- EAP-FAST in ACS 5.4 627
- About Master-Keys 628
- About PACs 628
- Provisioning Modes 629
- Types of PACs 629
- Manual PAC Provisioning 631
- PAC-Less Authentication 632
- EAP-FAST Flow in ACS 5.4 633
- EAP-FAST PAC Management 634
- Key Distribution Algorithm 635
- Revocation Method 635
- PAC Migration from ACS 4.x 635
- EAP-MSCHAPv2 636
- Overview of EAP-MSCHAPv2 637
- Certificate Attributes 638
- Certificate Binary Comparison 639
- Certificate Revocation 640
- OpenSSL/Open SSL Project 645
- Original SSLeay License: 646
- GLOSSARY 649
- Glossary 650
- XML (eXtensible 667
- Markup Language) 667
- YEAR function 13-60 678
Relacionado con productos y manuales para Software Cisco Systems CSACS3415K9
Software Cisco Systems OL-8155-01 Manual de usuario
(150 paginas)
(150 paginas)
Software Cisco Systems MGX and SES Manual de usuario
(90 paginas)
(90 paginas)
Software Cisco Systems H.323/SIP Guía de usuario
(54 paginas)
(54 paginas)
Software Cisco Systems ESW 500 Manual de usuario
(442 paginas)
(442 paginas)
Software Cisco Systems OL-11390-01 Manual de usuario
(20 paginas)
(20 paginas)
Software Cisco Systems ONS 15327 Manual de usuario
(42 paginas)
(42 paginas)
Software Cisco Systems OL-3995-01 Manual de usuario
(120 paginas)
(120 paginas)
Software Cisco Systems 6500/7600 Manual de usuario
(134 paginas)
(134 paginas)
Software Cisco Systems OL-7029-01 Manual de usuario
(342 paginas)
(342 paginas)
Software Cisco Systems OL-14361-01 Manual de usuario
(28 paginas)
(28 paginas)
Software Cisco Systems N3KC3064TFAL3 Manual de usuario
(164 paginas)
(164 paginas)
Software Cisco Systems 1.4 Manual de usuario
(146 paginas)
(146 paginas)
Software Cisco Systems OL-5385-01 Manual de usuario
(22 paginas)
(22 paginas)
Software Cisco Systems OL-6415-04 Manual de usuario
(188 paginas)
(188 paginas)
Software Cisco Systems OL-10984-01 Manual de usuario
(104 paginas)
(104 paginas)
Software Cisco Systems SMC-127 Manual de usuario
(40 paginas)
(40 paginas)
Software Cisco Systems PGW 2200 Guía de usuario
(436 paginas)
(436 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.047 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales