cc/td/doc/product/access/acs_soft/cs_ezacs
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

First-Time Configuration of CiscoSecure EasyACS Software
Using the Configuration Combinations

First-Time Configuration of CiscoSecure EasyACS Software


To get CiscoSecure EasyACS up and running for the first time, select one of the six configurations detailed in this chapter.


Note      If you are viewing this from your browser, you are now viewing the "First-Time Installation" section of the EasyACS Online Documentation. If you want to return to this page, click the Back button on your browser or click Online Documentation on the CiscoSecure EasyACS navigational bar (on the left) and scroll to your choice of a "first-time installation" configuration.


The configuration you choose can vary depending on how you intend to use CiscoSecure EasyACS. This chapter defines each of the possible installation scenarios (see Table 2-1), and describes the steps you need to take to authenticate your first dial-in user.

Table 2-1   CiscoSecure EasyACS Configuration Combinations

Use IP Pool on Network Access Server (IPX and EXEC/Telnet can be enabled in addition to IP) Assign IP Address for Each User (IPX and EXEC/Telnet can be enabled in addition to IP) Authorizing only IPX and/or EXEC/Telnet

Authenticate using the Windows NT User Database

Config #1

Config #2

Config #3

Authenticate using the EasyACS User Database

Config #4

Config #5

Config #6

Using the Configuration Combinations

Select the configuration that best fits your requirements. Use the scrollbar or click on the appropriate configuration to navigate to the desired section and complete the required steps.


Note      To print this chapter, first click in the documentation window and then click your browser's Print button. To return to this screen, either click the Back button or click Online Documentation and reselect this section from the table of contents.


Configuration #1: Using the Windows NT User Database for Authentication with an IP Pool Defined on the Network Access Server

Prior to completing this configuration, ensure that you do the following (if you have not already done so):

To use the Windows NT User Database for authentication with a default pool or named pool of IP addresses defined on the network access server, take the following steps:


Step 1   Click Group Setup on the navigational bar.

The Select window appears on the left.

Step 2   Select the NT Users group to edit from the pull-down list.

Step 3   Click Edit Settings.

The Edit window appears on the left.

Step 4   Click the box next to IP (found under the Grouping column).

Step 5   Enter the IP pool name (in the Value field) that is assigned to the block of IP addresses in the network access server. (If using a default IP Pool, leave this field blank.)

Step 6   Click Submit.

You are now ready to have remote users dial into the network access server.

As users successfully authenticate for the first time, their usernames are added to the CiscoSecure EasyACS Database and assigned to the NT Users group (the default for new users authenticated by the Windows NT User Database). When the username appears in the CiscoSecure EasyACS User Database, the user can be assigned unique user settings or assigned to different groups by clicking User Setup.

To authorize IPX or EXEC (Telnet), in addition to enabling IP, continue with Step 7 through Step 9:

Step 7   Click the appropriate box next to IPX or EXEC (Telnet) in the Edit window.

Step 8   To permit or deny particular Cisco IOS commands for EXEC (Telnet), click Add/Edit and enter the command at the bottom of the screen.

Step 9   Click Submit.

Configuration #2: Using the Windows NT User Database for Authentication and Assigning an Individual IP Address to Each User

Prior to completing this configuration, ensure that you do the following (if you have not already done so):

To use the Windows NT User Database for authentication and assign an individual IP address to each user, take the following steps:


Step 1   Click User Setup on the navigational bar.

The Select window appears on the left.

Step 2   Enter a new username in the User field.

Step 3   Click Add/Edit.

The Edit window appears on the left.

Step 4   Select Use the Windows NT User Database for password authentication

Step 5   Assign the user to the group Windows NT Users

Step 6   Enter the appropriate IP address in the field located at the bottom of the screen.


Note Individual user IP address assignment in User Setup overrides IP pool assignment under Group Setup.


Step 7   Click Submit.

Step 8   Click Group Setup on the navigational bar.

The Select window appears on the left.

Step 9   Select the NT Users group to edit from the pull-down list.

Step 10   Click Edit Settings.

The Edit window appears on the left.

Step 11   Click the box next to IP (found under the Grouping column).

Step 12   Click Submit.

You are now ready to have this remote user dial into the network access server.

As users successfully authenticate for the first time, their usernames are added to the CiscoSecure EasyACS Database and assigned to the NT Users group (the default for new users authenticated by the Windows NT User Database). When the username appears in the CiscoSecure EasyACS User Database, the user can be assigned unique user settings or assigned to different groups by clicking User Setup.

To authorize IPX or EXEC (Telnet), in addition to enabling IP, continue with Step 13 through Step 15:

Step 13   Click the appropriate box next to the IPX or EXEC (Telnet) in Group Setup.

Step 14   To permit or deny particular Cisco IOS commands for EXEC (Telnet), click Add/Edit and enter the command at the bottom of the screen.

Step 15   Click Submit.

Configuration #3: Using the Windows NT User Database for Authentication and Authorizing Only IPX and/or EXEC (Telnet)

Prior to completing this configuration, ensure that you do the following (if you have not already done so):

To use the Windows NT User Database for authentication and authorize only IPX and/or EXEC (Telnet), take the following steps:


Step 1   Click Group Setup on the navigational bar.

The Select window appears on the left.

Step 2   Select the NT Users group to edit from the pull-down list.

Step 3   Click Edit Settings.

The Edit window appears on the left.

Step 4   Click the appropriate box next to IPX or EXEC (Telnet).

Step 5   To permit or deny particular Cisco IOS commands for EXEC (Telnet), click Add/Edit and enter the command at the bottom of the screen.

Step 6   Click Submit.

You are now ready to have remote users dial into the network access server.

As users successfully authenticate for the first time, their username is added to the CiscoSecure EasyACS User Database and assigned to the NT Users group (the default for new users authenticated by the Windows NT User Database). When the username appears in the CiscoSecure EasyACS User Database, the user can be assigned unique user settings or assigned to different groups by clicking User Setup.

Configuration #4: Using the EasyACS User Database for Authentication with an IP Pool Defined on the Network Access Server

Prior to completing this configuration, ensure that you have done the following (if you have not already done so):

To use the CiscoSecure EasyACS Database for authentication with a default pool or named pool of IP addresses defined on the network access server, take the following steps:


Step 1   Click User Setup on the navigational bar.

The Select window appears on the left.

Step 2   Enter a new username in the User field.

Step 3   Click Add/Edit.

The Edit window appears on the left.

Step 4   Select Use the EasyACS Database for password authentication.

Step 5   Enter the password for this user in the Password field.

Step 6   Assign the user to a group. (It is not recommended to assign new users to the NT Users group because it is the default group for first-time users authenticated by the Windows NT User Database.)

Step 7   Click Submit.

Step 8   Click Group Setup on the navigational bar.

The Select window appears on the left.

Step 9   Select the group assigned to the new users during Step 6 and click Edit Settings.

The Edit window appears on the left.

Step 10   Click the box next to IP (found under the Grouping column).

Step 11   Enter the IP pool name (in the Value field) that is assigned to the block of IP addresses in the network access server. (If using a default IP Pool, leave this field blank.)

Step 12   Click Submit.

You are ready to have this remote user dial into the network access server.

To authorize IPX or EXEC (Telnet), in addition to IP, continue with Step 13 through Step 15.

Step 13   Click the appropriate box next to IPX or EXEC (Telnet) in the Edit window.

Step 14   To permit or deny particular Cisco IOS commands for EXEC (Telnet), click Add/Edit and enter the command at the bottom of the screen.

Step 15   Click Submit.

Configuration #5: Using the EasyACS User Database for Authentication and Assigning an Individual IP Address to Each User

Prior to completing this configuration, ensure that you do the following (if you have not already done so):

To use the CiscoSecure EasyACS User Database for authentication and assign an individual IP address to each user, take the following steps:


Step 1   Click User Setup on the navigational bar.

The Select window appears on the left.

Step 2   Enter a new username in the User field.

Step 3   Click Add/Edit.

The Edit window appears on the left.

Step 4   Select Use the EasyACS User Database for password authentication.

Step 5   Enter the password for this user in the Password field.

Step 6   Assign the user to a group. (It is not recommended to assign new users to the NT Users group because it is the default group for first-time users authenticated by the Windows NT User Database.)

Step 7   Enter the user's IP address in the field located at the bottom of the screen.


Note Individual user IP address assignment in User Setup overrides IP pool assignment under Group Setup.


Step 8   Click Submit.

Step 9   Click Group Setup on the navigational bar.

The Select window appears on the left.

Step 10   Select the group assigned to the new users during Step 6.

Step 11   Click the box next to IP (found under the grouping column).

Step 12   Click Submit

You are now ready to have this remote user dial into the network access server.

To authorize IPX or EXEC (Telnet), in addition to IP, continue with Step 13 through Step 15.

Step 13   Click the appropriate box next to the IPX or EXEC (Telnet) in Group Setup.

Step 14   To permit or deny particular Cisco IOS commands for EXEC (Telnet), click Add/Edit and enter the command at the bottom of the screen.

Step 15   Click Submit.

Configuration #6: Using the EasyACS User Database for Authentication and Authorizing Only IPX and EXEC (Telnet)

Prior to completing this configuration, ensure that you do the following (if you have not already done so):

To use the CiscoSecure EasyACS User Database for authentication and authorizing only IPX and/or Telnet (EXEC), take the following steps:


Step 1   Click User Setup on the navigational bar.

The Select window appears on the left.

Step 2   Enter a new username in the User field

Step 3   Click Add/Edit.

The Edit window appears on the left.

Step 4   Select Use EasyACS Database for password authentication.

Step 5   Enter the password for this user in the Password field.

Step 6   Assign the user to a group. (It is not recommended to assign new users to the Windows NT Users group because it is the default group for first-time users authenticated by the Windows NT User Database.)

Step 7   Click Submit.

Step 8   Click Group Setup on the navigational bar.

The Select window appears on the left.

Step 9   Select a group to edit from the pull-down list.

Step 10   Click Edit Settings.

The Edit window appears on the left.

Step 11   Select the group assigned to the new users during

Step 12   Click the appropriate box next to IPX or EXEC (Telnet).

Step 13   To permit or deny particular Cisco IOS commands for EXEC (Telnet), click Add/Edit and enter the command at the bottom of the window.

Step 14   Click Submit.

You are now ready to have remote users dial into the network access server.


hometocprevnextglossaryfeedbacksearchhelp
Posted: Sun Jan 19 10:43:02 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.