Cisco Systems Servers Manuale Utente
4-7
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 4 Setting Up and Managing Network Configuration
Proxy in Distributed Systems
AAA server. However, Mary occasionally travels to a division within the
corporation in New York, where she still needs to access the corporate network to
get her e-mail and other files. When Mary is in New York, she dials in to the New
York office and logs in as mary@corporate.com. Her username is not recognized
by the New York Cisco Secure ACS, but the Proxy Distribution Table contains an
entry, “la”, to forward the authentication request to the Los Angeles
Cisco Secure ACS. Because Mary’s username and password information reside
on that AAA server, when she authenticates correctly, the authorization
parameters assigned to her are applied by the AAA client in the New York office.
corporation in New York, where she still needs to access the corporate network to
get her e-mail and other files. When Mary is in New York, she dials in to the New
York office and logs in as mary@corporate.com. Her username is not recognized
by the New York Cisco Secure ACS, but the Proxy Distribution Table contains an
entry, “la”, to forward the authentication request to the Los Angeles
Cisco Secure ACS. Because Mary’s username and password information reside
on that AAA server, when she authenticates correctly, the authorization
parameters assigned to her are applied by the AAA client in the New York office.
Remote Use of Accounting Packets
When proxy is employed, Cisco Secure ACS can dispatch AAA accounting
packets in one of three ways:
packets in one of three ways:
•
Log them locally
•
Forward them to the destination AAA server
•
Log them locally and forward copies to the destination AAA server
Sending accounting packets to the remote Cisco Secure ACS offers several
benefits. When Cisco Secure ACS is configured to send accounting packets to the
remote AAA server, the remote AAA server logs an entry in the accounting report
for that session on the destination server. Cisco Secure ACS also caches the user’s
connection information and adds an entry in the List Logged on Users report. You
can then view the information for users that are currently connected. Because the
accounting information is being sent to the remote AAA server, even if the
connection fails, you can view the Failed Attempts report to troubleshoot the
failed connection.
benefits. When Cisco Secure ACS is configured to send accounting packets to the
remote AAA server, the remote AAA server logs an entry in the accounting report
for that session on the destination server. Cisco Secure ACS also caches the user’s
connection information and adds an entry in the List Logged on Users report. You
can then view the information for users that are currently connected. Because the
accounting information is being sent to the remote AAA server, even if the
connection fails, you can view the Failed Attempts report to troubleshoot the
failed connection.
Sending the accounting information to the remote AAA server also enables you
to use the Max Sessions feature. The Max Sessions feature uses the Start and Stop
records in the accounting packet. If the remote AAA server is a Cisco Secure ACS
and the Max Sessions feature is implemented, you can track the number of
sessions allowed for each user or group.
to use the Max Sessions feature. The Max Sessions feature uses the Start and Stop
records in the accounting packet. If the remote AAA server is a Cisco Secure ACS
and the Max Sessions feature is implemented, you can track the number of
sessions allowed for each user or group.
You can also choose to have Voice over IP (VoIP) accounting information logged
remotely, either appended to the RADIUS Accounting log, in a separate VoIP
Accounting log, or both.
remotely, either appended to the RADIUS Accounting log, in a separate VoIP
Accounting log, or both.