Cisco CiscoSecure ACS for UNIX Upgrade to v2.3 CSU-2.3-UG Manual De Usuario

Los códigos de productos

CSU-2.3-UG

xxvii

CiscoSecure ACS 2.3 for UNIX User Guide

78-5222-02 Rev. A0

CiscoSecure System Description

The CiscoSecure ACS 2.3 for UNIX software provides authentication, authorization, and
accounting services on users dialing in to the network through TACACS+ or RADIUS based
network access servers (NASes).

Basic CiscoSecure Components

Basic network components that interact with CiscoSecure ACS are shown in Figure 1.

Figure 1

CiscoSecure and Network Components

Command/control:

web browser

External

relational database

(ODBC)

NAS

CiscoSecure ACS

Token card server

(Secure Computing, SDI,

CRYPTOCard)

S6295

Table 3

Basic CiscoSecure Components

Node

Description

Network
access server
(NAS)

The NASes provide the ports (through which remote users can dial in to the
network), forward login requests to CiscoSecure ACS, and carry out authentication
and authorization instructions from CiscoSecure ACS. A single CiscoSecure ACS
can provide authentication, authorization, and accounting services to multiple
NASes.

CiscoSecure
Access Control
Server (ACS)

CiscoSecure ACS receives the login request from the NAS, pulls the profile from
the user making the login request from the RDBMS and based on the profile:

•

Transmits authentication and authorization instructions back to the NAS

•

Transmits accounting records back to the RDBMS

If a token server is in use, CiscoSecure ACS transmits the login request to the token
server for authentication.