Filter
Top Products
6-47
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Understanding AAA Server and Server Group Objects
Field Reference
Table 6-17 AAA Server Group Dialog Box
Element Description
Name The object name (up to 16 characters when using this object with
firewall devices; up to 128 characters for Cisco IOS routers). Object
names are not case-sensitive. Spaces are not supported.
Consider the following important points:
• Cisco IOS routers do not support AAA server groups named
RADIUS, TACACS, or TACACS+. In addition, we do not
recommend using an abbreviation of one of these names, such as
rad or tac.
• If you define this AAA server group as the RADIUS or TACACS+
default group, any name you define here is automatically replaced
in the device configuration by the default name (RADIUS or
TACACS+) upon deployment.
Description An optional description of the object.
Protocol The protocol used by the AAA servers in the group. For more
information about these options, see Supported AAA Server Types,
page 6-25 and Additional AAA Support on ASA, PIX, and FWSM
Devices, page 6-26.
AAA Servers The AAA server policy objects that comprise the server group. Enter
the names of the objects or click Select to select them from a list that is
filtered to show only those AAA server objects that use the selected
protocol. Separate multiple objects with commas. You can also create
new objects from the selection list.
Make this Group the Default
AAA Server Group (IOS)
(IOS devices only.)
Whether to designate this AAA server group as the default group for the
RADIUS or TACACS+ protocol. Select this option if you intend to use
a single global group for the selected protocol for all policies on a
specific device requiring AAA.
Do not select this option if you intend to create multiple RADIUS or
TACACS+ AAA server groups. Multiple groups can be used to separate
different AAA functions (for example, use one group for authentication
and a different group for authorization) or to separate different
customers in a VRF environment.
Note When you discover an IOS router, any AAA servers in the
device configuration that are not members of a AAA server
group are placed in special groups called CSM-rad-grp (for
RADIUS) and CSM-tac-grp (for TACACS+), both of which are
marked as default groups. These two groups are created solely
to enable Security Manager to manage these servers. During
deployment, the AAA servers in these special groups are
deployed back to the device as individual servers. For more
information, see Default AAA Server Groups and IOS Devices,
page 6-28.