Chapter 11 Working with User Databases
Token Server User Databases
11-62
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Step 5  Under External User Database Configuration, select the name of the RADIUS-enabled token server you need to configure.

Note: If only one RADIUS-enabled token server configuration exists, the name of that configuration appears instead of the list. Proceed to Step 6.

Step 6  Click Configure.
Step 7  In the RADIUS Configuration table, type the required information in the following boxes:

• Primary Server Name/IP—The hostname or IP address of the primary RADIUS token server. If you provide the hostname, the hostname must be resolvable by DNS.

• Secondary Server Name/IP—The hostname or IP address of the secondary RADIUS token server. If you provide the hostname, the hostname must be resolvable by DNS.

• Shared Secret—The shared secret of the RADIUS server. This must be identical to the shared secret with which the RADIUS token server is configured.

• Authentication Port—The UDP port over which the RADIUS server conducts authentication sessions. If the RADIUS token server is installed on the same Windows server as Cisco Secure ACS, this port should not be the same port used by Cisco Secure ACS for RADIUS authentication. For more information about the ports used by Cisco Secure ACS for RADIUS, see RADIUS, page 1-6.

  Note: For Cisco Secure ACS to send RADIUS OTP messages to a RADIUS-enabled token server, you must ensure that gateway devices between the RADIUS-enabled token server and Cisco Secure ACS allow communication over the UDP port specified in the Authentication Port box.

• Timeout (seconds):—The number of seconds Cisco Secure ACS waits for a response from the RADIUS token server before retrying the authentication request.