Index

index

A

AAA server

: implementing limited max sessions control 6-2
: protocol-support features 1-12

about this guide xv

absolute attributes 7-3

absolute status

: applying to server group-max-authority, server group-max-hp-threshold, and server group-max-unbound-pop-policy attributes 6-29
: applying to server max-session, server max-authority, server max-hp-threshold, server max-unbound-pop-policy attributes 6-29

access control server

: See ACS

accessing and logging into the CiscoSecure ACS 3-2

accounting 8-1

: billing information 1-16
: database for RADIUS 8-13
: database for TACACS+ 8-11
: description 1-16
: events on the NAS (RADIUS) 8-4, 10-7
: how to export raw data into external file 8-10
: method selection for a RADIUS server profile 5-17
: on the NAS (RADIUS) 10-7
: on the NAS (TACACS+) 9-7
: system output 8-12
: with CiscoSecure ACS 8-11

Accounting field (RADIUS specific ACS setting) 5-17

AcctExport 8-10

ACE/Server 11-3

: option 3-11
: software 11-3
: support 11-2

acl attribute 4-9, 7-12

ACS installation 2-1

ACS profile

: configuring to support RADIUS 5-15
: deleting 5-19

Add a User page 3-10

adding a CiscoSecure ACS (TACACS+) 9-2

adding and configuring NAS as RADIUS client 5-5

adding and configuring NASes as TACACS+ clients 4-21, 5-2

adding NAS as RADIUS-enabled client 5-7

adding NASes for TACACS+ 9-9

addr attribute 4-9, 7-13

address pool example 7-15

addr-pool attribute 4-9, 7-14

Administrator

: See also CiscoSecure Administrator
: starting 3-2

advanced CiscoSecure Administration window 4-3

allow and refuse filter

: sample TACACS+ profile and NAS configurations supporting filtered shell access 12-7

allow attribute qualifier 7-6

allowing password changes 5-18

AppleTalk Remote Access Protocol

: See ARAP

ARAP

: description 3-11
: enabling for the CiscoSecure ACS 5-10

AS5200, sample configuration for an ISP 10-12

assigning a new privilege for changing password via TACACS+ 7-10

assigning a RADIUS Dictionary to a group or user 4-11

assigning check items and reply attributes to RADIUS profile 4-14

assigning TACACS+ attributes to group or user profile 4-6

async shell example 7-19

async SLIP example 7-19

async SLIP group profile, RADIUS example 7-22

async telnet group profile, RADIUS example 7-24

async telnet shell group profile, RADIUS example 7-23

attributes

: absolute 7-3
: assigned to group profiles 7-3
: assigned to individual users 7-2
: common 3-25
: common RADIUS 4-15
: common TACACS+ 4-9
: defining for groups 7-2
: defining for individual users 7-2
: deleting profile attribute 4-28
: listing of most commonly used 3-25
: most common RADIUS attributes 4-15
: planning for groups and users 7-1
: qualifiers 7-5
: RADIUS attributes used in sample async PPP profile 7-21
: RADIUS attributes used in sample async Telnet profile 7-24
: RADIUS attributes used in sample asynchronous SLIP profile 7-22
: RADIUS attributes used in sample ISDN profile 7-22
: RADIUS attributes used in sample Telnet shell profile 7-23
: sample RADIUS group profile assignmen 7-21 to 7-24
: sample TACACS+ group profile assignmen 7-18 to 7-20
: TACACS+ attributes used in sample Async shell profile 7-19
: TACACS+ attributes used in sample Aync SLIP connection 7-19
: TACACS+ attributes used in sample PPP dialup connection 7-18

attribute-value pairs 7-10

: RADIUS 8-15
: typical RADIUS 8-15

audience xv

authentication

: ACE/Server 11-23
: CHAP 3-9
: clear text 3-9
: configuring the methods for the CiscoSecure ACS 5-9
: Crypto option 3-11
: DES 3-11
: description 1-14
: enigma 3-11
: managing 3-1, 4-1, 5-1
: methods for NAS 9-3
: no password option 3-11
: on the NAS for RADIUS 10-3
: on the NAS for TACACS+ 9-3
: outbound PAP 3-11
: PAP 3-9
: password and privilege expiration 7-8
: privilege levels 7-7
: process 11-3
: S/Key 3-12, 11-17
: SDI option 3-11
: setting a failure limit 5-11
: supported password types 7-7
: supported protocols 1-14
: UNIX file 3-11
: UNIX system option 3-12
: using PPP for 11-5
: via token server 11-3

Authentication and Authorization field (RADIUS-specific ACS setting) 5-17

authentication servers

: ACE/Server 11-2
: CRYPTOCard 11-2, 11-3, 11-8
: CRYPTOCard directory 11-9, 11-11
: SafeWord Server 11-2
: Secure Computing 11-3

authorization 1-15

: attribute-value pairs 7-10
: CiscoSecure ACS (TACACS+ only) 7-10
: for TACACS+ in the CiscoSecure ACS 7-10
: managing 3-1, 4-1, 5-1
: NAS for RADIUS 10-5
: on the NAS for TACACS+ 9-5
: RADIUS 7-17
: sample RADIUS profile and NAS configurations supporting limited EXEC shell access 12-15
: sample TACACS+ profile and NAS configuration supporting limited EXEC session access 12-2
: testing 2-19

autocmd attribute 4-10, 7-13

B

Bellcore, S/Key option 3-12

Browse page 3-20

browsing

: groups and users 3-19
: viewing the browse page 3-20

C

callback attributes 4-10

callback options 7-16

callback-dialstring 4-10

callback-dialstring attribute 7-16

Callback-Id attribute 4-17

callback-line attribute 4-10, 7-16

Callback-Number attribute 4-17

callback-rotary attribute 4-10, 7-16

Challenge Handshake Authentication Protocol

: See CHAP

challenge response 11-4

changing information for NAS RADIUS-enabled client 5-7

changing passwords 7-9

changing superuser password 3-6

CHAP

: description 3-9, 11-5
: enabling for the CiscoSecure ACS 5-10

CHAP authentication

: sample RADIUS profile and NAS configurations supporting PPP user login with CHAP 12-18
: sample TACACS+ profile and NAS configurations supporting a PPP protocol user logging in with CHAP 12-11

check items

: adding 4-12
: assigning 4-14
: on the NAS 9-5
: on the NAS (RADIUS) 10-5

child group profiles 7-2

Cisco 2509, sample configuration using RADIUS and accounting 10-9

CiscoRemote 11-3

CiscoSecure ACS

: accessing and logging in 3-2
: accounting 8-1
: basic concepts 1-10
: concepts 1-10
: enabling logging options 5-12
: flexibility and scalability 1-3
: overview 1-1
: setting the local time zone 5-10
: setting the maximum allowable failed logins 5-11
: setting the supported authentication methods 5-9
: setting the token caching timeout 5-12
: specifying the server license key 5-10
: specifying the type of Max Sessions control 5-10, 6-2
: token card support with RADIUS 11-42

CiscoSecure ACS web-based interface 1-14

CiscoSecure Administrator

: logging off 3-31, 4-32
: logon page 3-3
: main menu buttons 3-5
: quick operations 3-7
: servers window 5-15
: starting 3-2
: web browser requirements 3-2

CiscoSecure Administrator main menu page 3-4

CiscoSecure License Key field 5-10

Cisco-Token-Immediate 11-42

clear text 3-9

clearing the failed logins counter 5-29

cmd attribute 4-9

cmd-arg attribute 4-9

common attributes and their meanings 3-25

common RADIUS Attributes 4-15

common TACACS+ attributes 4-9

configuration, initial 2-2

configuring ACS profiles to support RADIUS 5-15

configuring NAS for TACACS+ 9-1 to 9-11

configuring the NAS for RADIUS 10-1 to 10-14

configuring the network access server (TACACS+) 9-1

conflicting group and user attributes 7-4

copying group or user profile 4-20

creating a CRYPTOCard directory 11-9

creating a group profile 4-3

creating a quick user profile 3-7

creating a test user profile 2-12

Crypto option 3-11

CRYPTOCard

: creating a directory 11-9
: description 1-15, 11-2
: enabling support on the CiscoSecure ACS 5-10
: initializing 11-11
: logon sequence 11-16
: obtaining RB-1 tokens 11-8
: operating parameters 11-10
: specifying 3-11

CSU.cfg file

: editing to add post-installation token card support 11-43
: variables 8-8

CSUser access 7-7

Current Value statistic

: displaying for a user, group, or VPDN 6-30
: displaying for the current PoP 6-32

D

Data Encryption Standard

: See DES

database

: log 8-11
: options 1-7

DBServer, implementing limited max sessions control 6-2

debugging

: enabling for a RADIUS ACS server profile 5-18
: enabling general debugging on the CiscoSecure ACS 5-12

defining attributes for groups 7-2

defining user attributes 7-2

Delete a service or protocol 4-28

Delete a User window 3-18

deleting a profile attribute 4-28

deleting a user profile 3-18

deleting ACS profile 5-19

deleting NAS as RADIUS-enabled client 5-8

DES 3-11

dictionaries

: assigning RADIUS 4-11
: for RADIUS protocols 1-13
: managing RADIUS 5-20
: RADIUS 5-7
: specifying a RADIUS 2-15

Dictionaries window 5-20

displaying a profile in text format 4-21

displaying a system summary 4-24, 5-26

displaying an expired password 4-24, 5-26

Distributed Session Manager

: See DSM

document conventions xix

document objectives xv

document organization xvi

DSM

: applying group override settings 6-28
: configuring user settings 6-11
: creating or editing a DSM authority 6-6
: creating or editing a PoP Group 6-20
: deallocating a NAS from a PoP group 6-23
: deleting a PoP group 6-23
: displaying DSC authority statistics 6-36
: displaying PoP-related statistics 6-31
: displaying statistics for users, groups and VPDNs 6-30
: enabling 6-3
: overview 6-4
: resetting statistics for a user, group, or VPDN 6-33
: resetting the sessions counter for a DSC authority 6-35
: resetting the sessions counter for users, groups, or VPDNs 6-34
: specifying group settings 6-13
: specifying settings for a VPDN 6-17

DSM authority

: creating or editing 6-6
: deleting 6-7

DSM Authority Name

: specifying as a member-specific group setting 6-16
: specifying for a group 6-14
: specifying for a PoP group 6-25
: specifying for a user 6-12
: specifying for a VPDN 6-18

E

Edit a User page 3-13, 3-14

editing a user profile 3-12

enabling accounting on the NAS 8-2

enabling debugging for a RADIUS ACS server profile 5-18

enabling or disabling on the CiscoSecure ACS 5-17

Enigma

: See also, Secure Computing, SafeWord

Enigma option 3-11

entering NAS command for RADIUS user profile 2-18

error recovery

: enabling 5-18

erver 6-29

establishing S/Key users 11-21

excluding ports for RADIUS 10-4

excluding ports for TACACS+ 9-5

EXEC session, sample TACACS+ profile and NAS configurations supporting limited access 12-2

expired passwords 4-24, 5-26

expires attribute qualifier 7-6

extracting tool 8-10

F

failed logins

: description 5-29
: limiting the number allowed 5-11

features of CiscoSecure Access Control Server software 1-12

File option 3-11

Filter-Id attribute 4-16

Filtering, sample TACACS+ profile and NAS configurations supporting filtered shell access 12-7

find a group or user button 4-21

finding a group or user 4-21, 5-26

first-time logon 2-4, 2-7, 2-17, 3-6

flexibility and scalability 1-3

Framed-Compression attribute 4-16

Framed-IP-Address 4-15

Framed-IP-Netmask attribute 4-16

Framed-IPX-Network attribute 4-17

Framed-MTU attribute 4-16

Framed-Protocol attribute 4-15

Framed-Route attribute 4-17

Framed-Routing attribute 4-16

G

global configuration for RADIUS 10-2

global configuration for TACACS+ 9-2

granting CSUser access 7-7

group administration 7-2

group administrator

: assigning privilege of 3-9, 3-15
: enabling access to the SafeWord configuration pages 11-41

group administrator privilege level 3-9, 3-15

Group Max Sessions, specifying sessions per group 6-14

group profiles

: assigning RADIUS dictionary 4-11
: assigning TACACS+ attributes 4-6
: attributes assigned to 7-3
: browsing 3-19
: copying 4-20
: creating 4-3
: defining attributes 7-2
: displaying in text format 4-21
: finding 4-21, 5-26
: moving 4-26
: parent groups and child groups 7-2
: planning attributes for 7-1
: sample async PPP profile using RADIUS attributes 7-21
: sample Async Shell profile using TACACS+ attributes 7-19
: sample Async SLIP connection using TACACS+ attributes 7-19
: sample async Telnet profile using RADIUS attributes 7-24
: sample asynchronous SLIP profile using RADIUS attributes 7-22
: sample ISDN profile using RADIUS attributes 7-22
: sample PPP dialup connection using TACACS+ attributes 7-18
: sample Telnet shell profile using RADIUS attributes 7-23
: samples using RADIUS attributes 7-21 to 7-24
: samples using TACACS+ attributes 7-18 to 7-20
: unlocking 4-27
: using effectively 7-2

H

High Performance Threshold

: specifying as a member-specific group setting 6-16
: specifying for a group 6-15
: specifying for a PoP group 6-25
: specifying for a user 6-12
: specifying for a VPDN 6-19

I

icons for browsing user profiles 3-22

idletime attribute 4-10, 7-17

Idle-Timeout attribute 4-17

if-authenticated 9-6, 10-6

importing an existing RADIUS database 1-8

inacl attribute 4-9, 7-12

inheritance 1-18

initial configuration 2-2

initializing physical CRYPTOCards 11-11

installation

: ACS 2-1
: overview 2-2
: physical testing setup 2-3
: SafeWord 11-28
: testing user login and authorization 2-19

IP address, specifying for the DSM authority 6-7

ip-addresses attribute 7-17

ip-local pool attribute 7-14

ISDN group profile, RADIUS example 7-22

J

: Java requirements 3-2

K

: keyhole icon 4-27

L

Largest Oversubscription statistic

: displaying for a user, group, or VPDN 6-31
: displaying for the current PoP 6-32

Largest Subscription statistic

: displaying for a user, group, or VPDN 6-31
: displaying for the current PoP 6-32

limiting failed logins 5-11

Local Timezone field 5-10

logging in, CiscoSecure ACS 3-2

logging off 3-31, 4-32

logging options, enabling for the CiscoSecure ACS 5-12

Logoff window 3-31, 4-32

logon

: first time 2-4, 2-7, 2-17
: typical CRYPTOCard sequence 11-16

M

main menu page for CiscoSecure Administrator 3-4

managing NASes as RADIUS-enabled clients 5-5

managing RADIUS dictionaries 5-20

managing user authentication and authorization 3-1, 4-1, 5-1

Max Sessions

: enabling AAA server-based Max Sessions control 6-2
: enabling and disabling Max Sessions control 6-2
: enabling the Distributed Session Manager (DSM) 6-3
: implementing DBServer-based Max Sessions control 6-2
: specifying a limit for a VPDN 6-18
: specifying as a member-specific group setting 6-16
: specifying for a user 6-11
: specifying limitations by PoP group 6-25

Max Sessions Enabled field 5-10, 6-2

Max. Failed Authentications field

: description 5-11
: enabling a user's account 5-29

Maximum Transmission Unit attribute 4-16

moving a profile 4-26

N

NAS

: accounting 10-7
: accounting events 8-2, 9-7
: accounting record keywords 8-2, 8-4, 9-8, 10-8
: adding and configuring as RADIUS client 5-5
: adding and configuring as TACACS+ clients 4-21, 5-2
: adding as RADIUS-enabled client 5-7
: adding for TACACS+ 9-9
: authentication 10-3
: authentication methods 9-3, 10-3
: authorization for RADIUS 10-5
: authorization methods 10-6
: changing information for RADIUS-enabled client 5-7
: checkable items 9-5, 10-5
: commands used for RADIUS user profile 2-18
: configuring for RADIUS 10-1 to 10-14
: configuring for TACACS+ 9-1 to 9-11
: deleting as RADIUS-enabled client 5-8
: description 1-10
: enabling accounting 8-2
: excluding ports 9-5
: IP address 5-6
: managing as RADIUS-enabled clients 5-5
: password requirements 9-3
: password requirements for TACACS+ 9-3
: shared secret 5-6

NASes window 5-5

NAS-Identifier attribute 4-18

NAS-IP-Address attribute 4-15

NAS-Port attribute 4-15

NAS-Port-Type attribute 4-18

no password option 3-11

nocallback-verify attribute 4-10, 7-17

noescape attribute 4-10, 7-13

nohangup attribute 4-10, 7-13

O

obtaining CRYPTOCard RB-1 tokens 11-8

ODBC 1-10

one-time password

: caching 11-7
: supporting entry at the login password prompt 11-6
: supporting entry at the login username prompt 11-5

one-time password generators

: CRYPTOCard 11-2
: SafeWord 11-2
: SDI 11-2
: SecurID 11-23

other commands for TACACS+ 9-11

OTP

: See one-time password

outacl attribute 4-9, 7-12

outbound PAP 3-11

Oversubscriptions statistic

: displaying for a user, group, or VPDN 6-30
: displaying for the current PoP 6-32

overview of CiscoSecure Access Control Server software 1-1

overview of installation 2-2

P

package contents 1-9

PAP

: description 3-9
: enabling for the CiscoSecure ACS 5-9

parent group profiles 7-2

passcode 11-5

passcode, for token server authentication 11-5

password

: as attribute 3-25, 7-7
: behavior by RADIUS servers 7-9
: changing 7-9
: changing superuser 3-6
: default 2-4, 2-7, 2-11, 2-17
: enabling changes 5-18
: expiration 7-8
: expiration for RADIUS servers 7-9
: expired 4-24, 5-26
: requirements 9-3
: requirements for NAS 9-3
: supported types 1-15, 7-7
: TACACS+ requirements for NAS login 9-3

Password attribute 7-7

Password Authentication Protocol

: See PAP

Password-crypto 11-5

Perform Profile Caching field 5-17

Perform Token Caching (RADIUS specific ACS setting) 5-17

performance scalability 1-7

performing CiscoSecure quick operations 3-7

performing token caching, supporting the Ascend password caching solution 5-17

physical testing setup 2-3

PIN 11-1

Point-to-Point Protocol

: See PPP

PoP group

: deallocating a NAS from 6-23
: defining for DSM 6-20
: deleting 6-23
: restricting user, group, or VPDN sessions through 6-24

Port Number field (RADIUS-specific ACS setting) 5-17

PPP 11-5

PPP dialup connection example 7-18

priv_lvl attribute 4-10

privilege

: as attribute 3-25
: specifying 3-9, 3-15

privilege level attribute 4-10

privilege setting 11-21

priv-lvl attribute 7-14

profile attribute, deleting 4-28

profile caching 5-17

profile icons 3-22

profile information page 3-24, 3-25

profile window 4-22

profile_cycle 3-25

profile_id 3-25

protocol attribute 4-9

protocol support

: RADIUS 1-12
: TACACS+ 1-12

protocol-supported AAA features 1-12

Q

qualification attributes

: allow 7-6
: description 7-5
: expires 7-6
: refuse 7-6
: time 7-6
: valid 7-6

quick browse 3-19

quick delete 3-18

quick editing a user profile 3-12

R

RADIUS

: accounting 8-12
: accounting database log 8-13
: adding and configuring NAS as client 5-5
: and TACACS+ protocol support 1-12
: assigning dictionary 4-11
: attributes used in user profiles 4-14
: authorization on the NAS 10-5
: common attributes 3-25
: configuring ACS profiles 5-15
: configuring the NAS 10-1 to 10-14
: dictionaries 1-13
: dictionary 5-7
: entering NAS commands for user profile 2-18
: excluding ports 10-4
: global configuration 10-2
: group profile examples 7-21
: inheritance 1-18
: managing dictionaries 5-20
: most common attributes 4-15
: password behavior 7-9
: password expiration 7-9
: specifying a dictionary 2-15
: token card support 11-42
: typical attribute-value pairs 8-15
: vendor 5-7

RADIUS profile

: assigning check items 4-14
: assigning replay attributes 4-14

random password generator attacks, protecting against 5-11

RB-1 tokens 11-8

RDBMS 8-11, 8-13

S

S/Key

: description 1-15, 3-12, 11-21
: enabling for the CiscoSecure ACS 5-9
: establishing users 11-21
: privilege setting 11-21
: working with authentication 11-17

SafeWord

: access server software 11-3, 11-4
: accessing SafeWord configuration 11-29
: authentication 3-11
: configuring aliases 11-40
: configuring authentication 11-31
: configuring authorization 11-35
: description 1-15
: enabling group administrator access 11-41
: installation 11-28

sample AS5200 ISP configuration for RADIUS 10-12

sample configuration for a Cisco 2509 using RADIUS and accounting 10-9

sample NAS configuration (TACACS+) 9-10

SDI

: description 1-15, 11-23
: option 3-11
: token support 11-2

search 4-21

Secure Computing

: configuring SafeWord Aliases 11-40
: configuring SafeWord Authentication 11-31
: configuring SafeWord authorization 11-35
: configuring SafeWord software 11-29
: description 11-2, 11-28
: enabling group administrator access to SafeWord configuration 11-41
: enabling support on the CiscoSecure ACS 5-10

Security Dynamics, enabling support on the CiscoSecure ACS 5-10

selecting accounting method for a RADIUS server profile 5-17

Serial Line Internet Protocol 1-14

server group-max-authority attribute, specifying absolute status 6-29

server group-max-hp-threshold attribute, applying absolute status 6-29

server group-max-unbound-pop-policy attribute, applying absolute status 6-29

server max-authority attribute, applying absolute status to 6-29

server max-hp-threshold attribute, applying absolute status to 6-29

server max-sessions attribute, applying absolute status to 6-29

server max-unbound-pop-policy attribute, applying absolute status to 6-29

Server Name field (RADIUS-specific ACS setting) 5-17

server token caching attribute 11-7

servers window 5-15

service attribute 4-9

Service-PPP 11-5

Service-Type attribute 4-15

Session-Timeout attribute 4-17

set up TACACS+ user profile 2-4, 2-7, 2-17

shared secret 5-6

simple async PPP group profiles, RADIUS example 7-21

simple async shell group profile, example 7-19

simple async SLIP group profile, example 7-19

software control files, variables 8-8

specifications 1-9

specifying a RADIUS dictionary 2-15

specifying host NAS and RADIUS version 2-12, 2-14

specifying web privilege level 3-9, 3-15

SQLAnywhere 1-7

standards 1-9

starting CiscoSecure Administrator interface 3-2

subsequent logons 3-6

superuser

: changing the password 3-6
: description 3-4

support for the token cards 1-15

supported password types 7-7

system administrator privilege level 3-9, 3-15

system summary 4-24, 5-26

T

TACACS+

: accounting 8-1, 8-11
: accounting database log 8-11
: accounting system output 8-12
: adding and configuring NASes as clients 4-21, 5-2
: and RADIUS protocol support 1-12
: assigning attributes to group or user 4-6
: common attributes 3-25, 4-9
: configuring for NAS 9-1 to 9-11
: description 1-1
: global configuration 9-2
: inheritance 1-18
: NAS password requirements 9-3
: set up user profile 2-4, 2-17
: set up user profiles 2-7

TCP Port (DSM), specifying for the DSM authority 6-7

TCP Port (GUI), specifying for the DSM authority 6-7

Telnet 1-14

testing the user login and authorization 2-19

text format, displaying a profile 4-21

three components of network security 1-14

time attribue qualifier 7-6

time, setting on the CiscoSecure ACS 5-10

timeout attribute 4-10, 7-13

Token Cache Absolute Timeout field 5-12

token caching

: description 11-7
: enabling on the CiscoSecure ACS 5-12
: enabling the Ascend password caching solution 5-17

token cards

: description 11-1
: enabling support after installing CiscoSecure ACS 11-43

token passwords, enabling token caching 5-12

token server

: authentication example 11-3
: description 1-10
: support for 11-1 to 11-42

tunnel-id attribute 7-17

typical CRYPTOCard logon sequence 11-16

U

Unbound PoP Policy

: specifying as a member-specific group setting 6-16
: specifying for a group 6-15
: specifying for a user 6-12
: specifying for a VPDN 6-19

understanding network security 7-1

UNIX file option 3-11

UNIX system option 3-12

unlocking a profile 4-27

upgrade options 1-9

user group scalability 1-6

user groups, viewing 3-22

user login, testing 2-19

user privilege level 3-9, 3-15

user profiles

: assigning TACACS+ attributes 4-6
: browsing 3-19
: copying 4-20
: creating 3-7
: defining attributes 7-2
: deleting 3-18
: displaying in text format 4-21
: enabling or disabling caching 5-17
: finding 4-21, 5-26
: moving 4-26
: quick edit 3-12
: RADIUS attributes used 4-14
: setting up TACACS+ 2-4, 2-7, 2-17
: unlocking 4-27
: viewing 3-22

user-entry scalability 1-5

User-Name attribute 4-15

username, default 2-4, 2-7, 2-11, 2-17

User-Password attribute 4-15

users

: planning attributes for 7-1

using CiscoSecure's token card support with RADIUS 11-42

using CRYPTOCard logon sequence 11-16

using SQLAnywhere 1-7

V

valid attribute qualifier 7-6

variables in software control files 8-8

Vendor-Specific attribute 4-17

viewing groups and users 3-22

VPDN

: combining TACACS+ and RADIUS VPDN implementations on the same network 12-43
: sample RADIUS profile, NAS, and ACS configurations supporting VPDN access 12-32
: sample TACACS+ profile, NAS, and ACS configurations supporting VPDN access 12-22

W

web browser requirements for CiscoSecure Administrator 3-2

web browser, starting 3-2

web privilege

: specifying 3-15

web privilege, specifying 3-9

working with SecureID authentication 11-23

Z

: zonelist attribute 4-9, 7-14

Table of Contents

index