Table of Contents
Advertisement
Remote Security Database
As your network expands, you need a centralized security database that provides username and
password information to each of the access servers on the network. This centralized security
database resides in a security server. (See Figure 4-2.)
An example of a security server is the CiscoSecure Access Control Server, a UNIX security daemon
that enables administrators to create databases that define network users and their privileges.
CiscoSecure uses a central database that stores user and group profiles with authentication and
authorization information.
The Cisco AS5300 exchanges user authentication information with a TACACS+ or RADIUS
database on the security server by transmitting encrypted TACACS+ or RADIUS packets across the
network.
For specific information about the interaction between security servers and access servers, refer to
the Security Configuration Guide, available online at
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/
Figure 4-2
A remote, centralized security database is useful when you have a large number of access servers
providing network access. It prevents having to update each access server with new or changed
authentication and authorization information for thousands of dial-in network users. A centralized
security database also helps establish consistent remote access policies throughout a corporation.
Remote Security Database
with many dial-in access servers
48 or 60 dial-in ports on
each Cisco AS5300
access server
Cisco AS5300
Cisco AS5300
Cisco AS5300
TACACS+ server or
Cisco AS5300
RADIUS server
Cisco AS5300
Remote security server
provides centralized
security database
to all dial-in access servers.
Large corporate network
Cisco AS5300
Router
Router
Remote Security Database
UNIX server
Novell server
Windows NT server
Macintosh server
Access Service Security 4-3
Advertisement
Table of Contents
