4-13
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Chapter 4 Setting Up and Managing Network Configuration
AAA Client Configuration
Note: If the AAA client represents multiple network devices, the key must be identical on all network devices represented by the AAA client.
• Network Device Group—The name of the NDG to which this AAA client should belong. To make the AAA client independent of NDGs, use the Not Assigned selection.
Note: This option does not appear if you have not configured Cisco Secure ACS to use NDGs. To enable NDGs, click Interface Configuration, click Advanced Options, and then select the Network Device Groups check box.
• Authenticate Using—The AAA protocol to be used for communications with the AAA client. The Authenticate Using list includes Cisco IOS and several vendor-specific implementations of RADIUS. If you have configured user-defined RADIUS vendors and VSAs, those vendor-specific RADIUS implementations appear on the list also. For information about creating user-defined RADIUS VSAs, see Custom RADIUS Vendors and VSAs, page 8-33.
The Authenticate Using list always contains the following selections:
– (Cisco IOS)—The Cisco IOS protocol, which is the standard choice when using Cisco Systems access servers, routers, and firewalls. If the AAA client is a Cisco device-management application, such as Management Center for PIX Firewall, you must use this option.
– RADIUS (Cisco Aironet)—RADIUS using Cisco Aironet VSAs. Select this option if the network device is a Cisco Aironet Access Point used by users authenticating with LEAP or EAP-TLS. When Cisco Secure ACS receives an authentication request from a RADIUS (Cisco Aironet) AAA client, Cisco Secure ACS first attempts authentication by using LEAP; if this fails, Cisco Secure ACS fails over to EAP-TLS.

Using this option enables Cisco Secure ACS to send the wireless network device a different session timeout value for user sessions than Cisco Secure ACS sends to wired end-user clients.