Cisco Systems Servers User Manual

Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Appendix H      Cisco Secure ACS Internal Architecture
• Script to execute in the event of a failure event—These scripts are normally
  standard Windows NT/2000 .BAT batch command files, but you can use any
  executable in the Program Files\CiscoSecure ACS v2.6\CSMon\Scripts directory.
• Windows NT/2000 Event Log enable/disable—By default, CSMon logs
  events to the Windows NT/2000 Event Log, but you can disable this function.
  CSV logging cannot be disabled.
• Simple mail-transfer protocol (SMTP) server and administrator e-mail
  account details—To enable Cisco Secure ACS to send e-mail notification of
  error conditions, you must fill in these fields. You can enter any valid e-mail
  account (joe@company.com). The server details can be either a qualified host
  name or a valid IP address. CSMon does not verify delivery of notification
  e-mails, so make sure the information in these fields is correct. To disable
  notification, clear the check box.
CSTacacs and CSRadius
The CSTacacs and CSRadius services communicate between the CSAuth module 
and the access device that is requesting authentication and authorization services. 
For CSTacacs and CSRadius to work properly, the system must meet the 
following conditions:
• CSTacacs and CSRadius services must be configured from CSAdmin.
• CSTacacs and CSRadius services must communicate with access devices
  such as access servers, routers, switches, and firewalls.
• The identical shared secret (key) must be configured both in
  Cisco Secure ACS and on the access device.
• The access device IP address must be specified in Cisco Secure ACS.
• The type of security protocol being used must be specified in
  Cisco Secure ACS.
CSTacacs is used to communicate with TACACS+ devices and CSRadius to 
communicate with RADIUS devices. Both services can run at the same time. 
When only one security protocol is used, only the applicable service needs to be 
running; however, the other service will not interfere with normal operation and