|
To get CiscoSecure EasyACS up and running for the first time, select one of the six configurations detailed in this chapter.
Note If you are viewing this from your browser, you are now viewing the "First-Time Installation" section of the EasyACS Online Documentation. If you want to return to this page, click the Back button on your browser or click Online Documentation on the CiscoSecure EasyACS navigational bar (on the left) and scroll to your choice of a "first-time installation" configuration.
The configuration you choose can vary depending on how you intend to use CiscoSecure EasyACS. This chapter defines each of the possible installation scenarios (see Table 2-1), and describes the steps you need to take to authenticate your first dial-in user.
Table 2-1 CiscoSecure EasyACS Configuration Combinations
Use IP Pool on Network Access Server (IPX and EXEC/Telnet can be enabled in addition to IP) | Assign IP Address for Each User (IPX and EXEC/Telnet can be enabled in addition to IP) | Authorizing only IPX and/or EXEC/Telnet | |
---|---|---|---|
Select the configuration that best fits your requirements. Use the scrollbar or click on the appropriate configuration to navigate to the desired section and complete the required steps.
Note To print this chapter, first click in the documentation window and then click your browser's Print button. To return to this screen, either click the Back button or click Online Documentation and reselect this section from the table of contents.
Prior to completing this configuration, ensure that you do the following (if you have not already done so):
To use the Windows NT User Database for authentication with a default pool or named pool of IP addresses defined on the network access server, take the following steps:
The Select window appears on the left.
Step 2 Select the NT Users group to edit from the pull-down list.
Step 3 Click Edit Settings.
The Edit window appears on the left.
Step 4 Click the box next to IP (found under the Grouping column).
Step 5 Enter the IP pool name (in the Value field) that is assigned to the block of IP addresses in the network access server. (If using a default IP Pool, leave this field blank.)
Step 6 Click Submit.
You are now ready to have remote users dial into the network access server.
As users successfully authenticate for the first time, their usernames are added to the CiscoSecure EasyACS Database and assigned to the NT Users group (the default for new users authenticated by the Windows NT User Database). When the username appears in the CiscoSecure EasyACS User Database, the user can be assigned unique user settings or assigned to different groups by clicking User Setup.
To authorize IPX or EXEC (Telnet), in addition to enabling IP, continue with Step 7 through Step 9:
Step 7 Click the appropriate box next to IPX or EXEC (Telnet) in the Edit window.
Step 8 To permit or deny particular Cisco IOS commands for EXEC (Telnet), click Add/Edit and enter the command at the bottom of the screen.
Prior to completing this configuration, ensure that you do the following (if you have not already done so):
To use the Windows NT User Database for authentication and assign an individual IP address to each user, take the following steps:
The Select window appears on the left.
Step 2 Enter a new username in the User field.
Step 3 Click Add/Edit.
The Edit window appears on the left.
Step 4 Select Use the Windows NT User Database for password authentication
Step 5 Assign the user to the group Windows NT Users
Step 6 Enter the appropriate IP address in the field located at the bottom of the screen.
Note Individual user IP address assignment in User Setup overrides IP pool assignment under Group Setup.
Step 7 Click Submit.
Step 8 Click Group Setup on the navigational bar.
The Select window appears on the left.
Step 9 Select the NT Users group to edit from the pull-down list.
Step 10 Click Edit Settings.
The Edit window appears on the left.
Step 11 Click the box next to IP (found under the Grouping column).
Step 12 Click Submit.
You are now ready to have this remote user dial into the network access server.
As users successfully authenticate for the first time, their usernames are added to the CiscoSecure EasyACS Database and assigned to the NT Users group (the default for new users authenticated by the Windows NT User Database). When the username appears in the CiscoSecure EasyACS User Database, the user can be assigned unique user settings or assigned to different groups by clicking User Setup.
To authorize IPX or EXEC (Telnet), in addition to enabling IP, continue with Step 13 through Step 15:
Step 13 Click the appropriate box next to the IPX or EXEC (Telnet) in Group Setup.
Step 14 To permit or deny particular Cisco IOS commands for EXEC (Telnet), click Add/Edit and enter the command at the bottom of the screen.
Prior to completing this configuration, ensure that you do the following (if you have not already done so):
To use the Windows NT User Database for authentication and authorize only IPX and/or EXEC (Telnet), take the following steps:
The Select window appears on the left.
Step 2 Select the NT Users group to edit from the pull-down list.
Step 3 Click Edit Settings.
The Edit window appears on the left.
Step 4 Click the appropriate box next to IPX or EXEC (Telnet).
Step 5 To permit or deny particular Cisco IOS commands for EXEC (Telnet), click Add/Edit and enter the command at the bottom of the screen.
Step 6 Click Submit.
You are now ready to have remote users dial into the network access server.
As users successfully authenticate for the first time, their username is added to the CiscoSecure EasyACS User Database and assigned to the NT Users group (the default for new users authenticated by the Windows NT User Database). When the username appears in the CiscoSecure EasyACS User Database, the user can be assigned unique user settings or assigned to different groups by clicking User Setup.
Prior to completing this configuration, ensure that you have done the following (if you have not already done so):
To use the CiscoSecure EasyACS Database for authentication with a default pool or named pool of IP addresses defined on the network access server, take the following steps:
The Select window appears on the left.
Step 2 Enter a new username in the User field.
Step 3 Click Add/Edit.
The Edit window appears on the left.
Step 4 Select Use the EasyACS Database for password authentication.
Step 5 Enter the password for this user in the Password field.
Step 6 Assign the user to a group. (It is not recommended to assign new users to the NT Users group because it is the default group for first-time users authenticated by the Windows NT User Database.)
Step 7 Click Submit.
Step 8 Click Group Setup on the navigational bar.
The Select window appears on the left.
Step 9 Select the group assigned to the new users during Step 6 and click Edit Settings.
The Edit window appears on the left.
Step 10 Click the box next to IP (found under the Grouping column).
Step 11 Enter the IP pool name (in the Value field) that is assigned to the block of IP addresses in the network access server. (If using a default IP Pool, leave this field blank.)
Step 12 Click Submit.
You are ready to have this remote user dial into the network access server.
To authorize IPX or EXEC (Telnet), in addition to IP, continue with Step 13 through Step 15.
Step 13 Click the appropriate box next to IPX or EXEC (Telnet) in the Edit window.
Step 14 To permit or deny particular Cisco IOS commands for EXEC (Telnet), click Add/Edit and enter the command at the bottom of the screen.
Prior to completing this configuration, ensure that you do the following (if you have not already done so):
To use the CiscoSecure EasyACS User Database for authentication and assign an individual IP address to each user, take the following steps:
The Select window appears on the left.
Step 2 Enter a new username in the User field.
Step 3 Click Add/Edit.
The Edit window appears on the left.
Step 4 Select Use the EasyACS User Database for password authentication.
Step 5 Enter the password for this user in the Password field.
Step 6 Assign the user to a group. (It is not recommended to assign new users to the NT Users group because it is the default group for first-time users authenticated by the Windows NT User Database.)
Step 7 Enter the user's IP address in the field located at the bottom of the screen.
Note Individual user IP address assignment in User Setup overrides IP pool assignment under Group Setup.
Step 8 Click Submit.
Step 9 Click Group Setup on the navigational bar.
The Select window appears on the left.
Step 10 Select the group assigned to the new users during Step 6.
Step 11 Click the box next to IP (found under the grouping column).
Step 12 Click Submit
You are now ready to have this remote user dial into the network access server.
To authorize IPX or EXEC (Telnet), in addition to IP, continue with Step 13 through Step 15.
Step 13 Click the appropriate box next to the IPX or EXEC (Telnet) in Group Setup.
Step 14 To permit or deny particular Cisco IOS commands for EXEC (Telnet), click Add/Edit and enter the command at the bottom of the screen.
Prior to completing this configuration, ensure that you do the following (if you have not already done so):
To use the CiscoSecure EasyACS User Database for authentication and authorizing only IPX and/or Telnet (EXEC), take the following steps:
The Select window appears on the left.
Step 2 Enter a new username in the User field
Step 3 Click Add/Edit.
The Edit window appears on the left.
Step 4 Select Use EasyACS Database for password authentication.
Step 5 Enter the password for this user in the Password field.
Step 6 Assign the user to a group. (It is not recommended to assign new users to the Windows NT Users group because it is the default group for first-time users authenticated by the Windows NT User Database.)
Step 7 Click Submit.
Step 8 Click Group Setup on the navigational bar.
The Select window appears on the left.
Step 9 Select a group to edit from the pull-down list.
Step 10 Click Edit Settings.
The Edit window appears on the left.
Step 11 Select the group assigned to the new users during
Step 12 Click the appropriate box next to IPX or EXEC (Telnet).
Step 13 To permit or deny particular Cisco IOS commands for EXEC (Telnet), click Add/Edit and enter the command at the bottom of the window.
Step 14 Click Submit.
You are now ready to have remote users dial into the network access server.
Posted: Sun Jan 19 10:43:02 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.