Filter
Top Products
12-14
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 12 Managing Alarms
Creating, Editing, and Duplicating Alarm Thresholds
Configuring Threshold Criteria
ACS 5.3 provides the following threshold categories to define different threshold criteria:
• Passed Authentications, page 12-14
• Failed Authentications, page 12-16
• Authentication Inactivity, page 12-18
• TACACS Command Accounting, page 12-19
• TACACS Command Authorization, page 12-20
• ACS Configuration Changes, page 12-21
• ACS System Diagnostics, page 12-22
• ACS Process Status, page 12-23
• ACS System Health, page 12-24
• ACS AAA Health, page 12-25
• RADIUS Sessions, page 12-26
• Unknown NAD, page 12-27
• External DB Unavailable, page 12-28
• RBACL Drops, page 12-29
• NAD-Reported AAA Downtime, page 12-31
Passed Authentications
When ACS evaluates this threshold, it examines the RADIUS or TACACS+ passed authentications that
occurred during the time interval that you have specified up to the previous 24 hours.
These authentication records are grouped by a common attribute, such as ACS Instance, User, Identity
Group, and so on. The number of records within each of these groups is computed. If the count computed
for any of these groups exceeds the specified threshold, an alarm is triggered.
For example, if you configure a threshold with the following criteria: Passed authentications greater than
1000 in the past 20 minutes for an ACS instance. When ACS evaluates this threshold and three ACS
instances have processed passed authentications as follows:
An alarm is triggered because at least one ACS instance has greater than 1000 passed authentications in
the past 20 minutes.
ACS Instance Passed Authentication Count
New York ACS 1543
Chicago ACS 879
Los Angeles 2096