Configuring the ACE as a Client of a RADIUS, TACACS+, or LDAP Server
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
You can specify one or more AAA server groups to identify the server and the
remote authentication protocol (RADIUS, TACACS+, or LDAP). You can
configure multiple AAA servers (of the same server type) for each server group.
For each AAA server, you can specify the following:
• The server IP address and port.
• Encryption key (shared secret) to authenticate communication between the
  ACE and AAA server (RADIUS and TACACS+ servers only).
• The number of times that the ACE retransmits an authentication request to a
  timed-out server before it declares the AAA server to be unresponsive and
  contacts the next AAA server in the group (RADIUS and TACACS+ servers
  only).
• The time interval that the ACE waits for a server to reply to an authentication
  request before retransmitting another request to the server.
• The time interval in which the ACE sends probes to a AAA server to verify
  whether the server is available and can receive authentication requests. The
  dead-time interval starts when the server does not respond to the number of
  authentication request transmissions.
• Independent server groups of TACACS+, RADIUS, or LDAP servers.
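The following Python model is an added example, not code from the Cisco guide or the ACE software. It shows how the retransmit count, reply timeout, and dead-time interval described above combine to determine which server in a RADIUS or TACACS+ group answers and how long a login waits. The names (AAAServer, authenticate), the sample values, and the assumption that a server in its dead-time interval is skipped for new requests are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class AAAServer:
    name: str
    responsive: bool         # constructed condition standing in for a real reply
    dead_until: float = 0.0  # time before which the server is treated as unresponsive


def authenticate(group, now, timeout, retransmit, deadtime):
    """Walk the server group in order.

    Returns (name of the server that replied or None, seconds spent waiting, log).
    Assumption of this model: a server inside its dead-time interval is skipped.
    """
    elapsed = 0.0
    log = []
    for srv in group:
        if now + elapsed < srv.dead_until:
            log.append((srv.name, "skipped (in dead-time)"))
            continue
        attempts = 1 + retransmit  # first request plus the retransmissions
        for attempt in range(1, attempts + 1):
            if srv.responsive:
                log.append((srv.name, f"replied on attempt {attempt}"))
                return srv.name, elapsed, log
            elapsed += timeout  # waited the full reply interval with no answer
        # No reply to any transmission: the dead-time interval starts here.
        srv.dead_until = now + elapsed + deadtime
        log.append((srv.name, f"unresponsive after {attempts} attempts"))
    return None, elapsed, log


if __name__ == "__main__":
    # Constructed group: the first two servers are down, the third answers.
    group = [AAAServer("aaa1", False), AAAServer("aaa2", False), AAAServer("aaa3", True)]
    for t in (0.0, 60.0):
        server, waited, log = authenticate(group, t, timeout=5.0, retransmit=2, deadtime=300.0)
        print(f"t={t:>5}: answered by {server} after {waited}s")
        for entry in log:
            print("   ", entry)
```

With these sample values the first login waits 30 seconds before the third server answers, while a login inside the dead-time interval is answered immediately, so the three timers together bound the delay an unreachable AAA server adds to every login.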
This section contains the following topics:
• Configuring RADIUS on the ACE
• Configuring TACACS+ on the ACE
• Configuring LDAP on the ACE
• Configuring AAA Server Groups
Chapter 2
Configuring Authentication and Accounting Services
OL-16202-01