Cisco Systems CL-28826-01 Security Camera User Manual


6-35
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Understanding AAA Server and Server Group Objects
AAA Server Dialog Box—TACACS+ Settings
Use the TACACS+ settings in the AAA Server dialog box to configure a TACACS+ AAA server object.
Navigation Path
Go to the Add or Edit AAA Server Dialog Box, page 6-30 and select TACACS+ in the Protocol field.
Related Topics
Creating AAA Server Objects, page 6-29
Understanding AAA Server and Server Group Objects, page 6-24
AAA Server Group Dialog Box, page 6-46
Table 6-8 AAA Server Dialog Box—RADIUS Settings (Continued)

Element: ACL Netmask Convert (ASA, PIX 7.x+, and FWSM 3.x+ devices only.)

Description: The method for handling the netmask expressions that are contained in downloadable ACLs received from the RADIUS server. The ASA/PIX/FWSM expects downloadable ACLs to contain standard netmask expressions whereas devices using Cisco IOS Software expect downloadable ACLs to contain wildcard netmask expressions, which are the reverse of a standard netmask expression. A wildcard mask has ones in bit positions to ignore, zeros in bit positions to match. Translation of wildcard netmask expressions means that downloadable ACLs written for Cisco IOS routers can be used by ASA/PIX/FWSM devices without altering the configuration of the ACLs on the RADIUS server.

Select one of the following options:

• Standard—The security appliance assumes that all downloadable ACLs received from the RADIUS server contain only standard netmask expressions. No translation from wildcard netmask expressions is performed. This is the default.

• Auto-Detect—The security appliance tries to determine the type of netmask expression used in the downloadable ACL. If it detects a wildcard netmask expression, it converts it to a standard netmask expression.
  This option is useful when you are uncertain how the RADIUS server is configured; however, wildcard netmask expressions with holes in them cannot be unambiguously detected and converted. For example, the wildcard netmask 0.0.255.0 permits anything in the third octet, but the device might not detect this expression as a wildcard netmask.

• Wildcard—The security appliance assumes that all downloadable ACLs received from the RADIUS server contain only wildcard netmask expressions, which it converts to standard netmask expressions.
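
The effect of the three ACL Netmask Convert options can be compared on concrete masks. The following Python sketch is an added example, not Cisco code: the contiguity test in `classify` is an assumed heuristic used for illustration (the appliance's actual detection logic is not documented here), and the sample masks are constructed.

```python
import ipaddress

FULL = 0xFFFFFFFF

def _to_int(mask: str) -> int:
    return int(ipaddress.IPv4Address(mask))

def invert(mask: str) -> str:
    """Bitwise-invert a dotted mask (wildcard <-> standard)."""
    return str(ipaddress.IPv4Address(~_to_int(mask) & FULL))

def classify(mask: str) -> str:
    """Assumed heuristic: decide what a mask looks like from its bit pattern."""
    m = _to_int(mask)
    inv = ~m & FULL
    looks_standard = inv & (inv + 1) == 0   # ones from the MSB, then zeros
    looks_wildcard = m & (m + 1) == 0       # zeros from the MSB, then ones
    if looks_standard and looks_wildcard:
        return "ambiguous"                  # 0.0.0.0 and 255.255.255.255
    if looks_standard:
        return "standard"
    if looks_wildcard:
        return "wildcard"
    return "holes"                          # non-contiguous, e.g. 0.0.255.0

def convert(mask: str, mode: str) -> str:
    """Standard netmask the ACL entry ends up with under each option."""
    if mode == "standard":                  # no translation (the default)
        return mask
    if mode == "wildcard":                  # always translate
        return invert(mask)
    if mode == "auto-detect":               # translate only clear wildcards
        return invert(mask) if classify(mask) == "wildcard" else mask
    raise ValueError(f"unknown mode: {mode}")

if __name__ == "__main__":
    # Constructed sample masks as they might appear in a downloadable ACL.
    samples = ["0.0.0.255", "255.255.255.0", "0.0.255.0", "0.0.0.0"]
    modes = ["standard", "auto-detect", "wildcard"]
    print(f"{'mask':<16}{'looks like':<12}" + "".join(f"{m:<18}" for m in modes))
    for s in samples:
        row = "".join(f"{convert(s, m):<18}" for m in modes)
        print(f"{s:<16}{classify(s):<12}{row}")
```

A row where the three columns disagree marks an ACL entry that matches different hosts depending on the option chosen, so the setting should be checked against how the RADIUS server actually writes its masks.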