Cisco Systems OL-24201-01 Camera Accessories User Manual


 
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Appendix A AAA Protocols
Overview of RADIUS
This section contains the following topics:
RADIUS VSAs
ACS 5.3 as the AAA Server
RADIUS Attribute Support in ACS 5.3
RADIUS Access Requests
RADIUS is a client/server protocol through which remote access servers communicate with a central
server to authenticate dial-in users, and authorize their access to the requested system or service. A
company could use RADIUS to maintain user profiles in a central database that all remote servers can
share.
This protocol provides better security, and the company can use it to set up a policy that is applied at a
single administered network point.
To support the older and newer RFCs, ACS 5.3 accepts authentication requests on port 1645 and port
1812. For accounting, ACS accepts accounting packets on ports 1646 and 1813.
RADIUS VSAs
ACS 5.3 provides a set of standard IETF RADIUS attributes. You can identify RADIUS IETF attributes
that are currently unused by their names. These unused attributes are named in the following format:
attribute-nnn, where attribute is the name of the attribute and nnn is the ID of the attribute.
In addition, ACS 5.3 supports RADIUS VSAs. The following set of predefined RADIUS VSAs is
available after you install ACS 5.3:
Cisco
Cisco VPN 5000
Microsoft
US Robotics
Ascend
Nortel (Bay Networks)
RedCreek
Juniper
Cisco VPN 3000
Cisco Business Service Management (BSM)
Cisco Aironet
Cisco Airespace
You can modify these predefined RADIUS VSAs or define new RADIUS VSAs. You can create, edit,
and duplicate RADIUS VSAs. For more information, see Creating, Duplicating, and Editing RADIUS
Vendor-Specific Attributes, page 18-6.
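
As an added illustration (not from the Cisco guide and not ACS code), the Python below parses a RADIUS packet and expands each Vendor-Specific attribute (type 26, RFC 2865) into its vendor and sub-attribute, rejecting malformed lengths. It assumes the RFC-recommended sub-attribute layout of vendor type, vendor length, value; the function names, the ietf-/vendor- labels and the sample packet are constructed for this example.

```python
import struct

# IANA enterprise numbers for three of the vendors in the list above.
VENDORS = {9: "Cisco", 311: "Microsoft", 2636: "Juniper"}
VENDOR_SPECIFIC = 26  # RFC 2865 attribute type that carries a VSA

def build_attr(attr_type, value):
    """Encode one type-length-value attribute; length includes the 2-byte header."""
    return bytes([attr_type, len(value) + 2]) + value

def build_vsa(vendor_id, vendor_type, value):
    """Wrap one vendor sub-attribute inside attribute 26."""
    inner = struct.pack("!I", vendor_id) + build_attr(vendor_type, value)
    return build_attr(VENDOR_SPECIFIC, inner)

def parse_tlvs(buf):
    """Yield (type, value) pairs, rejecting lengths that under- or overrun buf."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = buf[pos], buf[pos + 1]
        if length < 2 or pos + length > len(buf):
            raise ValueError(f"bad length {length} in attribute {attr_type}")
        yield attr_type, buf[pos + 2:pos + length]
        pos += length

def parse_packet(packet):
    """Return (code, [(label, value)]); Vendor-Specific attributes are expanded."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("header length does not match the datagram")
    attrs = []
    for attr_type, value in parse_tlvs(packet[20:length]):
        if attr_type != VENDOR_SPECIFIC:
            attrs.append((f"ietf-{attr_type}", value))
            continue
        if len(value) < 4:
            raise ValueError("VSA too short to hold a vendor ID")
        vendor_id = struct.unpack("!I", value[:4])[0]
        vendor = VENDORS.get(vendor_id, f"vendor-{vendor_id}")
        for sub_type, sub_value in parse_tlvs(value[4:]):
            attrs.append((f"{vendor}:{sub_type}", sub_value))
    return code, attrs

# Constructed Access-Request (code 1): User-Name plus a Cisco VSA, zeroed authenticator.
_body = build_attr(1, b"alice") + build_vsa(9, 1, b"shell:priv-lvl=15")
SAMPLE = struct.pack("!BBH", 1, 42, 20 + len(_body)) + bytes(16) + _body
```

Vendors that do not follow the recommended sub-attribute layout need their own decoder in place of the inner parse_tlvs call.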