Benutzerhandbuch für Cisco Systems 3.3

Benutzerhandbuch (English)

Benutzerhandbuch

Inhaltsverzeichnis

Contents
3
Preface
29
- Audience
  29
- Organization
  29
- Conventions
  31
- Product Documentation
  32
- Related Documentation
  33
- Obtaining Documentation
  35
  - Cisco.com
    36
  - Ordering Documentation
    36
- Documentation Feedback
  36
- Obtaining Technical Assistance
  37
- Obtaining Additional Publications and Information
  39
Overview
41
- The CiscoSecure ACS Paradigm
  42
- CiscoSecure ACS Specifications
  43
  - System Performance Specifications
    43
  - CiscoSecure ACS Windows Services
    44
- AAA Server Functions and Concepts
  45
- CiscoSecure ACS HTML Interface
  65
Deployment Considerations
77
- Basic Deployment Requirements for CiscoSecure ACS
  78
  - System Requirements
    78
  - Network and Port Requirements
    80
- Basic Deployment Factors for CiscoSecure ACS
  82
  - Network Topology
    82
    - Dial-Up Topology
      82
    - Wireless Network
      85
    - Remote Access using VPN
      88
  - Remote Access Policy
    90
  - Security Policy
    91
  - Administrative Access Policy
    91
    - Separation of Administrative and General Users
      93
  - Database
    94
    - Number of Users
      94
    - Type of Database
      94
  - Network Latency and Reliability
    95
- Suggested Deployment Sequence
  95
Interface Configuration
99
- Interface Design Concepts
  100
  - User-to-Group Relationship
    100
  - Per-User or Per-Group Features
    100
- User Data Configuration Options
  101
  - Defining New User Data Fields
    101
- Advanced Options
  102
  - Setting Advanced Options for the CiscoSecure ACS User Interface
    104
- Protocol Configuration Options for TACACS+
  105
  - Setting Options for TACACS+
    107
- Protocol Configuration Options for RADIUS
  109
  - Setting Protocol Configuration Options for IETF RADIUS Attributes
    114
  - Setting Protocol Configuration Options for Non-IETF RADIUS Attributes
    115
Network Configuration
117
- About Network Configuration
  117
- About Distributed Systems
  118
  - AAA Servers in Distributed Systems
    119
  - Default Distributed System Settings
    119
- Proxy in Distributed Systems
  120
  - Fallback on Failed Connection
    121
    - Character String
      122
    - Stripping
      122
  - Proxy in an Enterprise
    122
  - Remote Use of Accounting Packets
    123
  - Other Features Enabled by System Distribution
    124
- Network Device Searches
  124
  - Network Device Search Criteria
    124
  - Searching for Network Devices
    125
- AAA Client Configuration
  127
  - AAA Client Configuration Options
    127
  - Adding a AAA Client
    132
  - Editing a AAA Client
    135
  - Deleting a AAA Client
    137
- AAA Server Configuration
  137
  - AAA Server Configuration Options
    138
  - Adding a AAA Server
    140
  - Editing a AAA Server
    142
  - Deleting a AAA Server
    144
- Network Device Group Configuration
  144
- Proxy Distribution Table Configuration
  150
Shared Profile Components
155
- About Shared Profile Components
  155
- Network Access Filters
  156
- Downloadable IP ACLs
  161
- Network Access Restrictions
  168
- Command Authorization Sets
  179
User Group Management
191
- About User Group Setup Features and Functions
  192
  - Default Group
    192
  - Group TACACS+ Settings
    192
- Basic User Group Settings
  193
- Configuration-specific User Group Settings
  206
- Group Setting Management
  244
User Management
247
- About User Setup Features and Functions
  247
- About User Databases
  248
- Basic User Setup Options
  249
- Advanced User Authentication Settings
  268
- User Management
  300
  - Listing All Users
    301
  - Finding a User
    301
  - Disabling a User Account
    302
  - Deleting a User Account
    303
  - Resetting User Session Quota Counters
    304
  - Resetting a User Account after Login Failure
    305
  - Saving User Settings
    306
System Configuration: Basic
307
- Service Control
  307
  - Determining the Status of CiscoSecure ACS Services
    308
  - Stopping, Starting, or Restarting Services
    308
- Logging
  309
- Date Format Control
  309
  - Setting the Date Format
    309
- Local Password Management
  311
  - Configuring Local Password Management
    313
- CiscoSecure ACS Backup
  315
- CiscoSecure ACS System Restore
  320
- CiscoSecure ACS Active Service Management
  323
  - System Monitoring
    323
    - System Monitoring Options
      324
    - Setting Up System Monitoring
      325
  - Event Logging
    326
    - Setting Up Event Logging
      326
- VoIP Accounting Configuration
  327
  - Configuring VoIP Accounting
    327
System Configuration: Advanced
329
- CiscoSecure Database Replication
  329
- RDBMS Synchronization
  353
- IP Pools Server
  372
- IP Pools Address Recovery
  379
  - Enabling IP Pool Address Recovery
    379
System Configuration: Authentication and Certificates
381
- About Certification and EAP Protocols
  381
  - Digital Certificates
    382
  - EAP-TLS Authentication
    382
    - About the EAP-TLS Protocol
      383
    - EAP-TLS and CiscoSecure ACS
      384
    - EAP-TLS Limitations
      386
    - Enabling EAP-TLS Authentication
      387
  - PEAP Authentication
    388
    - About the PEAP Protocol
      388
    - PEAP and CiscoSecure ACS
      389
    - PEAP and the Unknown User Policy
      391
    - Enabling PEAP Authentication
      392
  - EAP-FAST Authentication
    393
    - About EAP-FAST
      393
    - About Master Keys
      395
    - About PACs
      397
      - Automatic PAC Provisioning
        398
      - Manual PAC Provisioning
        400
    - Master Key and PAC TTLs
      401
    - Replication and EAP-FAST
      402
    - Enabling EAP-FAST
      405
- Global Authentication Setup
  406
  - Authentication Configuration Options
    407
  - Configuring Authentication Options
    413
- CiscoSecure ACS Certificate Setup
  414
Logs and Reports
433
- Logging Formats
  434
- Special Logging Attributes
  434
- NAC Attributes in Logs
  436
- Update Packets in Accounting Logs
  437
- About CiscoSecure ACS Logs and Reports
  438
- Working with CSV Logs
  447
  - CSV Log File Names
    447
  - CSV Log File Locations
    448
  - Enabling or Disabling a CSV Log
    449
  - Viewing a CSV Report
    450
  - Configuring a CSV Log
    451
- Working with ODBC Logs
  453
- Remote Logging
  458
- Service Logs
  463
  - Services Logged
    464
  - Configuring Service Logs
    465
Administrators and Administrative Policy
467
- Administrator Accounts
  467
- Access Policy
  477
  - Access Policy Options
    478
  - Setting Up Access Policy
    480
- Session Policy
  482
  - Session Policy Options
    482
  - Setting Up Session Policy
    483
- Audit Policy
  484
User Databases
485
- CiscoSecure User Database
  486
  - About the CiscoSecure User Database
    486
  - User Import and Creation
    487
- About External User Databases
  488
  - Authenticating with External User Databases
    489
  - External User Database Authentication Process
    490
- Windows User Database
  491
- Generic LDAP
  516
- Novell NDS Database
  533
- ODBC Database
  539
- LEAP Proxy RADIUS Server Database
  559
  - Configuring a LEAP Proxy RADIUS Server External User Database
    560
- Token Server User Databases
  562
- Deleting an External User Database Configuration
  570
Network Admission Control
573
- About Network Admission Control
  573
  - NAC AAA Components
    574
  - Posture Validation
    575
  - Posture Tokens
    576
  - Non-Responsive NAC-Client Computers
    577
- Implementing Network Admission Control
  577
- NAC Databases
  582
- NAC Policies
  588
  - Local Policies
    589
    - About Local Policies
      590
    - About Rules, Rule Elements, and Attributes
      591
      - NAC Attribute Data Types
        591
      - Rule Operators
        592
    - Local Policy Configuration Options
      594
    - Rule Configuration Options
      596
    - Creating a Local Policy
      597
  - External Policies
    600
  - Editing a Policy
    606
  - Deleting a Policy
    608
Unknown User Policy
611
- Known, Unknown, and Discovered Users
  612
- Authentication and Unknown Users
  614
- Posture Validation and the Unknown User Policy
  620
- Authorization of Unknown Users
  623
- Unknown User Policy Options
  623
- Database Search Order
  624
- Configuring the Unknown User Policy
  626
- Disabling Unknown User Authentication
  627
User Group Mapping and Specification
629
- About User Group Mapping and Specification
  629
- Group Mapping by External User Database
  630
  - Creating a CiscoSecure ACS Group Mapping for a Token Server, ODBC Database, or LEAP Proxy RADIUS...
    631
- Group Mapping by Group Set Membership
  632
- NAC Group Mapping
  641
  - Configuring NAC Group Mapping
    641
- RADIUS-Based Group Specification
  642
Troubleshooting
645
- Administration Issues
  646
- Browser Issues
  648
- Cisco IOS Issues
  649
- Database Issues
  651
- Dial-in Connection Issues
  654
- Debug Issues
  658
- Proxy Issues
  659
- Installation and Upgrade Issues
  660
- MaxSessions Issues
  660
- Report Issues
  661
- Third-Party Server Issues
  663
- User Authentication Issues
  664
- TACACS+ and RADIUS Attribute Issues
  666
TACACS+ Attribute-Value Pairs
667
- Cisco IOS AV Pair Dictionary
  667
  - TACACS+ AV Pairs
    668
  - TACACS+ Accounting AV Pairs
    670
RADIUS Attributes
673
- CiscoIOS Dictionary of RADIUS AV Pairs
  674
- CiscoIOS/PIX Dictionary of RADIUS VSAs
  677
- About the cisco-av-pair RADUIS Attribute
  679
- CiscoVPN 3000 Concentrator Dictionary of RADIUS VSAs
  681
- Cisco VPN 5000 Concentrator Dictionary of RADIUS VSAs
  685
- Cisco Building Broadband Service Manager Dictionary of RADIUS VSA
  686
- IETF Dictionary of RADIUS AV Pairs
  686
- Microsoft MPPE Dictionary of RADIUS VSAs
  700
- Ascend Dictionary of RADIUS AV Pairs
  703
- Nortel Dictionary of RADIUS VSAs
  715
- Juniper Dictionary of RADIUS VSAs
  716
CSUtil Database Utility
717
- Location of CSUtil.exe and Related Files
  718
- CSUtil.exe Syntax
  718
- CSUtil.exe Options
  719
- Displaying Command-Line Syntax
  721
- Backing Up CiscoSecure ACS with CSUtil.exe
  722
- Restoring CiscoSecure ACS with CSUtil.exe
  723
- Creating a CiscoSecure User Database
  724
- Creating a CiscoSecure ACS Database Dump File
  726
- Loading the CiscoSecure ACS Database from a Dump File
  727
- Compacting the CiscoSecure User Database
  728
- User and AAA Client Import Option
  730
  - Importing User and AAA Client Information
    731
  - User and AAA Client Import File Format
    732
    - About User and AAA Client Import File Format
      733
    - ONLINE or OFFLINE Statement
      733
    - ADD Statements
      734
    - UPDATE Statements
      735
    - DELETE Statements
      737
    - ADD_NAS Statements
      737
    - DEL_NAS Statements
      739
    - Import File Example
      740
- Exporting User List to a Text File
  740
- Exporting Group Information to a Text File
  741
- Exporting Registry Information to a Text File
  742
- Decoding Error Numbers
  743
- Recalculating CRC Values
  744
- User-Defined RADIUS Vendors and VSA Sets
  744
- PAC File Generation
  756
  - PAC File Options and Examples
    757
  - Generating PAC Files
    759
- Posture Validation Attributes
  760
VPDN Processing
781
- VPDN Process
  781
RDBMS Synchronization Import Definitions
787
- accountActions Specification
  787
- Action Codes
  790
- CiscoSecure ACS Attributes and Action Codes
  818
  - User-Specific Attributes
    818
  - User-Defined Attributes
    820
  - Group-Specific Attributes
    821
- An Example of accountActions
  822
Internal Architecture
825
- Windows Services
  825
- Windows Registry
  826
- CSAdmin
  826
- CSAuth
  827
- CSDBSync
  828
- CSLog
  828
- CSMon
  828
  - Monitoring
    829
  - Recording
    830
  - Notification
    831
  - Response
    831
- CSTacacs and CSRadius
  832
Index
833

Benutzerhandbuch

Größe:

6,62 MB
Seiten:

860
Language:

English

Handbuch öffnen