Table of Contents
Advertisement
AAA Client Configuration
Note
Step 6
If you are using NDGs, from the Network Device Group list, select the name of
the NDG to which this AAA client should belong, or select Not Assigned to set
this AAA client to be independent of NDGs.
Note
From the Authenticate Using list, select the network security protocol used by the
Step 7
AAA client. Select either one of the following options, or any other custom
RADIUS VSA that you have configured:
•
•
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
4-10
For correct operation, the identical key must be configured on the
AAA client and Cisco Secure ACS. Keys are case sensitive. Because
the shared secrets are not synchronized in any way, it is easy to make
mistakes when entering them upon both devices. Such mistakes will
cause the AAA server to discard all packets from the client because it
must treat the client as a potential intruder and a threat to the
network's security.
To enable NDGs, click Interface Configuration, click Advanced
Options, and then select the Network Device Groups check box.
TACACS+ (Cisco IOS)—Select this option to use TACACS+, which is the
standard choice when using Cisco Systems access servers, routers, and
firewalls.
RADIUS (Cisco Aironet)—Select this option if the network device is a
Cisco Aironet device that supports authentication via Cisco Secure ACS,
such as an Access Point 340 or 350. When configured to use the RADIUS
(Cisco Aironet) authentication protocol, Cisco Secure ACS first attempts to
to authenticate a user by using LEAP; if this fails, Cisco Secure ACS fails
over to EAP-TLS.
Aironet authentication is limited to users whose records reside in
Note
either the CiscoSecure user database, a Windows NT/2000 user
database, or an ODBC user database.
Chapter 4
Setting Up and Managing Network Configuration
78-13751-01, Version 3.0
Advertisement
Table of Contents
Troubleshooting
