Filter
Top Products
8-65
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 8 Managing Users and Identity Stores
Managing External Identity Stores
Server Connection
Enable Secondary Server Check this check box to use a secondary RADIUS identity server as a
backup server in case the primary RADIUS identity server fails.
If you enable the secondary server, you must configure the parameters for
the secondary RADIUS identity server and must choose one of the
following options:
• Always Access Primary Server First—Select this option to ensure that
ACS always accesses the primary RADIUS identity server first before
the secondary server is accessed.
• Failback To Primary Server After n Minutes—Select this option to set
the number of minutes ACS can use the secondary server for
authentication.
After this time expires, ACS should again attempt to authenticate
using the primary server. The default value is 5 minutes.
Primary Server
Server IP Address IP address of the primary RADIUS identity server.
Shared Secret Shared secret between ACS and the primary RADIUS identity server.
A shared secret is an expected string of text, which a user must provide
before the network device authenticates a username and password. The
connection is rejected until the user supplies the shared secret.
Authentication Port Port number on which the RADIUS primary server listens. Valid options
are from 1 to 65,535. The default value is 1812.
Server Timeout n Seconds Number of seconds, n, that ACS waits for a response from the primary
RADIUS identity server before it determines that the connection to the
primary server has failed. Valid options are from 1 to 300. The default
value is 5.
Connection Attempts Specifies the number of times that ACS should attempt to reconnect before
contacting the secondary RADIUS identity server or dropping the
connection if no secondary server is configured. Valid options are from 1
to 10. The default value is 3.
Secondary Server
Server IP Address IP address of the secondary RADIUS identity server.
Shared Secret Shared secret between ACS and the secondary RADIUS identity server.
The shared secret must be identical to the shared secret that is configured
on the RADIUS identity server.
A shared secret is an expected string of text, which a user must provide
before the network device authenticates a username and password. The
connection is rejected until the user supplies the shared secret.
Authentication Port Port number on which the RADIUS secondary server listens. Valid options
are from 1 to 65,535. The default value is 1812.
Table 8-16 RADIUS Identity Server - General Tab (continued)
Option Description