|
Table Of Contents
Obtaining Technical Assistance
About This Guide
This section discusses the objectives, audience, and organization of the CiscoSecure ACS for UNIX User Guide.
Document Objectives
The objective of this document is to help you configure and use the CiscoSecure Access Control Server (ACS) 2.3 for UNIX (Solaris) software and review some basic concepts of network security.
Audience
This guide was written for system administrators who use the CiscoSecure ACS software to set up and maintain accounts and dial-in network security.
Document Organization
The major sections of the CiscoSecure ACS for UNIX User Guide are as follows:
This Chapter: Contains:Overview of the CiscoSecure ACS software; defines package contents and system requirements; describes features of the software; and provides general information on network security.
Brief overview of the software modules that work together as part of the CiscoSecure ACS 2.3 for UNIX package.
Information on configuring initial test group profiles and testing user profiles to confirm the operability of your CiscoSecure installation.
Information on simple configuration and management of user profiles through the CiscoSecure ACS web pages.
Information on advanced group and user profile configuration and management through the CiscoSecure ACS web pages and the CiscoSecure Administrator advanced configuration program.
Information on NAS management, ACS management, and local and remote domain management, through the CiscoSecure ACS web pages and the CiscoSecure Administrator advanced configuration program.
Information on using the CiscoSecure max sessions feature to limit the number of concurrent sessions allotted to a user, group, VPDN, or PoP group.
Information on the most efficient way to assign TACACS+ or RADIUS attributes to users and groups.
Information on the CiscoSecure ACS software accounting database file and the instructions for enabling accounting.
Information on configuring the NAS for authentication, authorization, and accounting if you are using the TACACS+ protocol.
Information on configuring the NAS for authentication, authorization, and accounting if you are using the RADIUS protocol.
Information on one-time password authentication and token servers.
Ready-to-apply examples of typical CiscoSecure profiles and the NAS configurations that support them.
Information on how to identify and resolve potential problems with your CiscoSecure ACS, including timesaving tips and resources for service and support.
"Converting an Existing AA Database for CiscoSecure ACS 2.3"
Instructions for using the import utility to transfer an existing CiscoSecure database or an existing RADIUS database to the sample runtime database that can be used with CiscoSecure ACS 2.3.
Configuration parameters and syntax for the server control file, message catalogs, content and grammar conventions of the AA database, and sample configurations for setting server attributes.
Chapter 17, "Using the Command-Line Administrator Interface"
Listing and explanation of the CiscoSecure command line interface, which allows an administrator to carry out simple CiscoSecure administration through UNIX command lines.
Examples that you can apply directly to your own CiscoSecure ACS platform, including Lock and Key, remote-node IP and IPX dialup, ISDN dialup to a Cisco AS5200, and remote-node IP dialup.
Reference information pertaining to the use of the RADIUS protocol to exchange data between your NAS and the CiscoSecure ACS.
Reference information on database schema.
Information on integrating Oracle or Sybase database replication with CiscoSecure profile data.
Tips for enhancing the security of your network and the CiscoSecure AAA management system.
List of file formats and syntax for CiscoSecure ACS software.
Information on configuring the server control file and message catalogs.
List of other documents that you might find helpful in your management of CiscoSecure ACS software.
Document Conventions
This publication uses the following conventions to convey instructions and information.
Command descriptions use these conventions:
Examples use these conventions:
This Convention: Indicates:
screen
fontTerminal sessions
boldface screen font
Information you enter
Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual.
Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Timesaver Means the described action saves time. You can save time by performing the action described in the paragraph.
Obtaining Documentation
World Wide Web
You can access the most current Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
Documentation CD-ROM
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly. Therefore, it is probably more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.
Ordering Documentation
Registered CCO users can order the Documentation CD-ROM and other Cisco Product documentation through our online Subscription Services at http://www.cisco.com/cgi-bin/subcat/kaojump.cgi.
Nonregistered CCO users can order documentation through a local account representative by calling Cisco's corporate headquarters (California, USA) at 408 526-4000 or, in North America, call 800 553-NETS (6387).
Obtaining Technical Assistance
Cisco provides Cisco Connection Online (CCO) as a starting point for all technical assistance. Warranty or maintenance contract customers can use the Technical Assistance Center. All customers can submit technical feedback on Cisco documentation using the web, e-mail, a self-addressed stamped response card included in many printed docs, or by sending mail to Cisco.
Cisco Connection Online
Cisco continues to revolutionize how business is done on the Internet. Cisco Connection Online is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.
CCO's broad range of features and services helps customers and partners to streamline business processes and improve productivity. Through CCO, you will find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online support services, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on CCO to obtain additional personalized information and services. Registered users may order products, check on the status of an order and view benefits specific to their relationships with Cisco.
You can access CCO in the following ways:
•WWW: www.cisco.com
•Telnet: cco.cisco.com
•Modem using standard connection rates and the following terminal settings: VT100 emulation; 8 data bits; no parity; and 1 stop bit.
–From North America, call 408 526-8070
–From Europe, call 33 1 64 46 40 82
You can e-mail questions about using CCO to cco-team@cisco.com.
Technical Assistance Center
The Cisco Technical Assistance Center (TAC) is available to warranty or maintenance contract customers who need technical assistance with a Cisco product that is under warranty or covered by a maintenance contract.
To display the TAC web site that includes links to technical support information and software upgrades and for requesting TAC support, use www.cisco.com/techsupport.
To contact by e-mail, use one of the following:
In North America, TAC can be reached at 800 553-2447 or 408 526-7209. For other telephone numbers and TAC e-mail addresses worldwide, consult the following web site: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml.
Documentation Feedback
If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, for your convenience many documents contain a response card behind the front cover. Otherwise, you can mail your comments to the following address:
Cisco Systems, Inc.
Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate and value your comments.
Posted: Wed Feb 16 10:04:05 PST 2005
All contents are Copyright © 1992--2005 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.