Cisco Systems OL-24201-01 Camera Accessories User Manual


 
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 7 Managing Network Resources
Related Topics
Network Device Groups, page 7-2
Network Devices and AAA Clients, page 7-5
Creating, Duplicating, and Editing Network Device Groups, page 7-2
Working with External Proxy Servers
ACS 5.3 can function both as a RADIUS and TACACS+ server and as a RADIUS and TACACS+ proxy
server. When it acts as a proxy server, ACS receives authentication and accounting requests from the
NAS and forwards them to the external RADIUS or TACACS+ server.
ACS accepts the results of the requests and returns them to the NAS. You must configure the external
RADIUS or TACACS+ servers in ACS to enable ACS to forward requests to them. You can define the
timeout period and the number of connection attempts.
ACS can simultaneously act as a proxy server to multiple external RADIUS or TACACS+ servers.
The RADIUS proxy server can handle the looping scenario, whereas the TACACS+ proxy server cannot.
Note: You can use the external RADIUS or TACACS+ servers that you configure here in access services of the
RADIUS or TACACS+ proxy service type.
This section contains the following topics:
Creating, Duplicating, and Editing External Proxy Servers, page 7-19
Deleting External Proxy Servers, page 7-21
Creating, Duplicating, and Editing External Proxy Servers
To create, duplicate, or edit an external proxy server:
Step 1 Choose Network Resources > External Proxy Servers.
The External Proxy Servers page appears with a list of configured servers.

Table 7-6 Default Network Device Page (continued)
Option | Description
Enable KeyWrap | Check to enable the shared secret keys for RADIUS Key Wrap in PEAP, EAP-FAST and EAP-TLS authentications. Each key must be unique and be distinct from the RADIUS shared key. You can configure these shared keys for each AAA Client.
Key Encryption Key (KEK) | Used to encrypt the Pairwise Master Key (PMK). In ASCII mode, enter a key with 16 characters. In hexadecimal mode, enter a key with 32 characters.
Message Authentication Code Key (MACK) | Used to calculate the keyed hashed message authentication code (HMAC) over the RADIUS message. In ASCII mode, enter a key with 20 characters. In hexadecimal mode, enter a key with 40 characters.
Key Input Format | Enter the keys as ASCII or hexadecimal strings. The default is hexadecimal.
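
A pre-flight check for the Key Wrap fields described in Table 7-6, as an added example that is not part of the Cisco guide: it applies the table's length and format rules and the requirement that each key be distinct from the RADIUS shared key. The function names, the sample values (constructed), and the extra check that the MACK does not simply extend the KEK are assumptions of this example.

```python
import hmac
import string

# Key sizes from Table 7-6 in bytes: ASCII mode takes this many characters,
# hexadecimal mode twice as many.
KEY_BYTES = {"KEK": 16, "MACK": 20}

def decode_key(name, value, fmt="hex"):
    """Return the raw key bytes or raise ValueError naming the broken rule."""
    size = KEY_BYTES[name]
    if fmt == "hex":
        if len(value) != 2 * size:
            raise ValueError(f"{name}: hexadecimal mode needs {2 * size} characters, got {len(value)}")
        # bytes.fromhex() tolerates spaces, so test the alphabet explicitly.
        if not set(value) <= set(string.hexdigits):
            raise ValueError(f"{name}: contains non-hexadecimal characters")
        return bytes.fromhex(value)
    if fmt == "ascii":
        if len(value) != size:
            raise ValueError(f"{name}: ASCII mode needs {size} characters, got {len(value)}")
        if not value.isascii():
            raise ValueError(f"{name}: contains non-ASCII characters")
        return value.encode("ascii")
    raise ValueError(f"unknown key input format: {fmt!r}")

def check_keywrap(kek, mack, radius_secret, fmt="hex"):
    """Return a list of problems; an empty list means the key set passes."""
    problems, raw = [], {}
    secret = radius_secret.encode("utf-8")
    for name, value in (("KEK", kek), ("MACK", mack)):
        try:
            raw[name] = decode_key(name, value, fmt)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        # Distinct from the RADIUS shared key, as typed and as decoded bytes.
        if value == radius_secret or hmac.compare_digest(raw[name], secret):
            problems.append(f"{name}: identical to the RADIUS shared key")
    # Assumption of this example, not a rule from the guide: the 20-byte MACK
    # must not simply extend the 16-byte KEK.
    if len(raw) == 2 and raw["MACK"].startswith(raw["KEK"]):
        problems.append("MACK: begins with the KEK")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real keys.
    print(check_keywrap("00112233445566778899aabbccddeeff",
                        "ffeeddccbbaa99887766554433221100a1b2c3d4",
                        "constructed-secret"))
```

An empty list means the key set satisfies the table's rules; each string in a non-empty list names the field and the rule it breaks.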