Cisco Systems OL-24201-01 Camera Accessories User Manual


 
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 3 ACS 5.x Policy Model
Access Services
ACS accepts the results of the requests and returns them to the NAS. You must configure the external
RADIUS and TACACS+ servers in ACS for ACS to forward requests to them. You can define the timeout
period and the number of connection attempts.
The ACS proxy remote target is a list of remote RADIUS and TACACS+ servers that contain the
following parameters:
IP
Authentication port
Accounting port
Shared secret
Reply timeout
Number of retries
Connection port
Network timeout
The following information is available in the proxy service:
Remote RADIUS or TACACS+ servers list
Accounting proxy local/remote/both
Strip username prefix/suffix
When a RADIUS proxy server receives a request, it forwards it to the first remote RADIUS or TACACS+
server in the list. If the proxy server does not receive a response within the specified timeout interval and
the specified number of retries, it forwards the request to the next RADIUS or TACACS+ server in the
list.
When the first response arrives from any of the remote RADIUS or TACACS+ servers in the list, the
proxy service processes it. If the response is valid, ACS sends the response back to the NAS.
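The failover order described above, modelled as an added example (not part of the Cisco guide or ACS code). The class and function names, the `send` transport callback, the `nas_budget` check, and the reading of "number of retries" as total attempts per server are assumptions; the addresses and secret are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RemoteServer:
    """One RADIUS entry of the proxy remote target (fields follow the page's list)."""
    ip: str
    auth_port: int
    acct_port: int
    shared_secret: str
    reply_timeout: float  # seconds waited per attempt
    attempts: int         # ASSUMPTION: "number of retries" = total attempts per server

def forward(servers, request, send):
    """Try servers in list order. send(server, request) is a hypothetical transport
    returning the reply, or None when reply_timeout expired."""
    waited = 0.0
    for server in servers:
        for _ in range(server.attempts):
            reply = send(server, request)
            if reply is not None:
                return server, reply, waited
            waited += server.reply_timeout  # this attempt timed out
    return None, None, waited

def first_try_offsets(servers):
    """Seconds of accumulated timeouts before each server is first tried."""
    offsets, total = [], 0.0
    for server in servers:
        offsets.append((server.ip, total))
        total += server.reply_timeout * server.attempts
    return offsets

def usable_servers(servers, nas_budget):
    """Servers reached before a NAS that waits nas_budget seconds gives up (assumed model)."""
    return [ip for ip, offset in first_try_offsets(servers) if offset < nas_budget]

# Constructed sample list (documentation addresses, placeholder secret).
SERVERS = [
    RemoteServer("192.0.2.10", 1812, 1813, "placeholder-secret", 5.0, 3),
    RemoteServer("192.0.2.11", 1812, 1813, "placeholder-secret", 5.0, 3),
    RemoteServer("192.0.2.12", 1812, 1813, "placeholder-secret", 2.0, 2),
]

def only_second_answers(server, request):
    """Constructed transport: the first server is down, the second replies."""
    return b"Access-Accept" if server.ip == "192.0.2.11" else None

if __name__ == "__main__":
    hit, reply, waited = forward(SERVERS, b"Access-Request", only_second_answers)
    print(hit.ip, reply, waited, usable_servers(SERVERS, nas_budget=10.0))
```

With these sample values, a NAS that waits only 10 seconds never benefits from the second or third server, so the per-server timeout and attempt count should be sized against the timeout configured on the NAS.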
Table 3-7 lists the differences in RADIUS proxy service between ACS 4.2 and 5.3 releases.
Table 3-7 Differences in RADIUS and TACACS+ Proxy Service Between ACS 4.2 and 5.3
| Feature | ACS 5.3 | ACS 4.2 |
|---|---|---|
| Configurable timeout (RADIUS) | Yes | No |
| Configurable retry count (RADIUS) | Yes | No |
| Network timeout (TACACS+) | Yes | No |
| Authentication and accounting ports (RADIUS) | Yes | Yes |
| Connection port (TACACS+) | Yes | No |
| Proxy cycles detection | Yes (For RADIUS only) | No |
| Username stripping | Yes | Yes |
| Accounting proxy (local, remote, or both) | Yes | Yes |
| Account delay timeout support (RADIUS) | No | No |