About This Guide

This section discusses the objectives, audience, and organization of the CiscoSecure ACS 2.3 for UNIX User Guide and CiscoSecure ACS 2.3 for UNIX Reference Guide.

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more up to date than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or
http://www-europe.cisco.com.

Document Objectives

The objective of this document is to help you configure and use the CiscoSecure Access Control Server (ACS) 2.3 for UNIX (Solaris) software and review some basic concepts of network security.

Audience

This guide was written for system administrators who use the CiscoSecure ACS software to set up and maintain accounts and dial-in network security.

Document Organization

Two manuals are provided in this package, the CiscoSecure ACS 2.3 User Guide and the CiscoSecure ACS 2.3 Reference Guide.

User Guide Topics

The major sections of the CiscoSecure ACS 2.3 for UNIX User Guide are as follows:

This Chapter: Contains:

Chapter 1, "Introduction to the CiscoSecure ACS Software"

Overview of the CiscoSecure ACS software; defines package contents and system requirements; describes features of the software; and provides general information on network security.

Chapter 2, "Configuring Initial Test Group and User Profiles"

Information on configuring initial test group profiles and testing user profiles to confirm the operability of your CiscoSecure installation.

Chapter 3, "Simple User and ACS Management"

Information on simple configuration and management of user profiles through the CiscoSecure ACS web pages.

Chapter 4, "Advanced Group and User Management"

Information on advanced group and user profile configuration and management through the CiscoSecure ACS web pages and the CiscoSecure Administrator advanced configuration program.

Chapter 5, "ACS and NAS Management"

Information on NAS management, ACS management, and local and remote domain management, through the CiscoSecure ACS web pages and the CiscoSecure Administrator advanced configuration program.

Chapter 6, "Limiting and Tracking Sessions Per User, Group, or VPDN"

Information on using the CiscoSecure max sessions feature to limit the number of concurrent sessions allotted to a user, group, VPDN, or PoP group.

Chapter 7, "Strategies for Applying Attributes"

Information on the most efficient way to assign TACACS+ or RADIUS attributes to users and groups.

Chapter 8, "CiscoSecure ACS Accounting"

Information on the CiscoSecure ACS software accounting database file and the instructions for enabling accounting.

Chapter 9, "Configuring the NAS for TACACS+"

Information on configuring the NAS for authentication, authorization, and accounting if you are using the TACACS+ protocol.

Chapter 10, "Configuring the NAS for RADIUS"

Information on configuring the NAS for authentication, authorization, and accounting if you are using the RADIUS protocol.

Chapter 11, "Token Server Support"

Information on one-time password authentication and token servers.

Chapter 12, "CiscoSecure Profile and NAS Configuration Examples"

Ready-to-apply examples of typical CiscoSecure profiles and the NAS configurations that support them.

Appendix A, "References and Recommended Reading"

List of other documents that you might find helpful in your management of CiscoSecure ACS software.

This Chapter:	Contains:
Chapter 1, "Introduction to the CiscoSecure ACS Software"	Overview of the CiscoSecure ACS software; defines package contents and system requirements; describes features of the software; and provides general information on network security.
Chapter 2, "Configuring Initial Test Group and User Profiles"	Information on configuring initial test group profiles and testing user profiles to confirm the operability of your CiscoSecure installation.
Chapter 3, "Simple User and ACS Management"	Information on simple configuration and management of user profiles through the CiscoSecure ACS web pages.
Chapter 4, "Advanced Group and User Management"	Information on advanced group and user profile configuration and management through the CiscoSecure ACS web pages and the CiscoSecure Administrator advanced configuration program.
Chapter 5, "ACS and NAS Management"	Information on NAS management, ACS management, and local and remote domain management, through the CiscoSecure ACS web pages and the CiscoSecure Administrator advanced configuration program.
Chapter 6, "Limiting and Tracking Sessions Per User, Group, or VPDN"	Information on using the CiscoSecure max sessions feature to limit the number of concurrent sessions allotted to a user, group, VPDN, or PoP group.
Chapter 7, "Strategies for Applying Attributes"	Information on the most efficient way to assign TACACS+ or RADIUS attributes to users and groups.
Chapter 8, "CiscoSecure ACS Accounting"	Information on the CiscoSecure ACS software accounting database file and the instructions for enabling accounting.
Chapter 9, "Configuring the NAS for TACACS+"	Information on configuring the NAS for authentication, authorization, and accounting if you are using the TACACS+ protocol.
Chapter 10, "Configuring the NAS for RADIUS"	Information on configuring the NAS for authentication, authorization, and accounting if you are using the RADIUS protocol.
Chapter 11, "Token Server Support"	Information on one-time password authentication and token servers.
Chapter 12, "CiscoSecure Profile and NAS Configuration Examples"	Ready-to-apply examples of typical CiscoSecure profiles and the NAS configurations that support them.
Appendix A, "References and Recommended Reading"	List of other documents that you might find helpful in your management of CiscoSecure ACS software.

Reference Topics

The major sections of the CiscoSecure ACS 2.3 for UNIX Reference Guide are as follows:

This Chapter: Contains:

Chapter 1, "CiscoSecure ACS Components Overview"

An overview of the major software components of the CiscoSecure ACS 2.3 for UNIX product.

Chapter 2, "Troubleshooting Information"

Information on how to identify and resolve potential problems with your CiscoSecure ACS, including timesaving tips and resources for service and support.

Chapter 3, "Converting an Existing AA Database for CiscoSecure ACS 2.3"

Instructions for using the import utility to transfer an existing CiscoSecure database or an existing RADIUS database to the sample runtime database that can be used with CiscoSecure ACS 2.3.

Chapter 4, "Tuning CiscoSecure ACS Performance and Configuration"

Configuration parameters and syntax for the server control file, message catalogs, content and grammar conventions of the AA database, and sample configurations for setting server attributes.

Chapter 5, "Using the Command-Line Administrator Interface"

Listing and explanation of the CiscoSecure Command Line Interface, which allows an administrator to carry out simple CiscoSecure administration through UNIX command lines.

Chapter 6, "NAS Configuration Examples"

Examples that you can apply directly to your own CiscoSecure ACS platform, including Lock and Key, remote-node IP and IPX dialup, ISDN dialup to a Cisco AS5200, and remote-node IP dialup.

Chapter 7, "RADIUS Attribute-Value Pairs and Dictionary Management"

Reference information pertaining to the use of the RADIUS protocol to exchange data between your NAS and the CiscoSecure ACS.

Chapter 8, "CiscoSecure ACS Database Structure"

Reference information on database schema.

Chapter 9, "Setting up Database Replication among CiscoSecure ACSes"

Information on integrating Oracle or Sybase database replication with CiscoSecure profile data.

Chapter 10, "Enhancing Management Security"

Tips for enhancing the security of your network and the CiscoSecure AAA management system.

Appendix A, "References and Recommended Reading"

List of other documents that you might find helpful in your management of CiscoSecure ACS software.

This Chapter:	Contains:
Chapter 1, "CiscoSecure ACS Components Overview"	An overview of the major software components of the CiscoSecure ACS 2.3 for UNIX product.
Chapter 2, "Troubleshooting Information"	Information on how to identify and resolve potential problems with your CiscoSecure ACS, including timesaving tips and resources for service and support.
Chapter 3, "Converting an Existing AA Database for CiscoSecure ACS 2.3"	Instructions for using the import utility to transfer an existing CiscoSecure database or an existing RADIUS database to the sample runtime database that can be used with CiscoSecure ACS 2.3.
Chapter 4, "Tuning CiscoSecure ACS Performance and Configuration"	Configuration parameters and syntax for the server control file, message catalogs, content and grammar conventions of the AA database, and sample configurations for setting server attributes.
Chapter 5, "Using the Command-Line Administrator Interface"	Listing and explanation of the CiscoSecure Command Line Interface, which allows an administrator to carry out simple CiscoSecure administration through UNIX command lines.
Chapter 6, "NAS Configuration Examples"	Examples that you can apply directly to your own CiscoSecure ACS platform, including Lock and Key, remote-node IP and IPX dialup, ISDN dialup to a Cisco AS5200, and remote-node IP dialup.
Chapter 7, "RADIUS Attribute-Value Pairs and Dictionary Management"	Reference information pertaining to the use of the RADIUS protocol to exchange data between your NAS and the CiscoSecure ACS.
Chapter 8, "CiscoSecure ACS Database Structure"	Reference information on database schema.
Chapter 9, "Setting up Database Replication among CiscoSecure ACSes"	Information on integrating Oracle or Sybase database replication with CiscoSecure profile data.
Chapter 10, "Enhancing Management Security"	Tips for enhancing the security of your network and the CiscoSecure AAA management system.
Appendix A, "References and Recommended Reading"	List of other documents that you might find helpful in your management of CiscoSecure ACS software.

Document Conventions

This publication uses the following conventions to convey instructions and information.

Command descriptions use these conventions:

This Convention: Indicates:

boldface font

Commands and keywords

italic font

Variables for which you supply values

plain font

Filenames

square brackets ([ ])

Optional elements

braces ({ })

Group of required keywords

vertical bar ( | )

Alternative keywords within the braces

This Convention:	Indicates:
boldface font	Commands and keywords
italic font	Variables for which you supply values
plain font	Filenames
square brackets ([ ])	Optional elements
braces ({ })	Group of required keywords
vertical bar ( \| )	Alternative keywords within the braces

Examples use these conventions:

This Convention: Indicates:

screen font

Terminal sessions

boldface screen font

Information you enter

This Convention:	Indicates:
`screen` font	Terminal sessions
boldface screen font	Information you enter

Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual.

Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

TimeSaver Means the described action saves time. You can save time by performing the action described in the paragraph.

Table of Contents

About This Guide

About This Guide

Document Objectives

Audience

Document Organization

User Guide Topics

Reference Topics

Document Conventions