Cisco 3.3 - Page 782

To Next Page

To Previous Page

Appendix E VPDN Processing

VPDN Process

E-2

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Figure E-1 VPDN User Dials In

2. If VPDN is enabled, the NAS assumes that the user is a VPDN user. The NAS

strips off the “username@” (mary@) portion of the username and authorizes

(not authenticates) the domain portion (corporation.us) with the ACS. See

Figure E-2.

Figure E-2 NAS Attempts to Authorize Domain

If the domain authorization fails, the NAS assumes the user is not a VPDN

user. The NAS then authenticates (not authorizes) the user as if the user is a

standard non-VPDN dial user. See Figure E-3.

Corporation

VPDN user

User = mary@corporati

Call setup / PPP setup

Username = mary@corporation.us

ACS

RSP

ACS

Authorization request

User = corporation.us

S6646

Corporation

VPDN user

User = mary@corporation.us

ACS

RSP

ACS

Main Page

Default Chapter4
- Table of Contents4
- Product Documentation32
- Related Documentation33
- Obtaining Documentation35
- Documentation Feedback36
- Obtaining Technical Assistance37
- Obtaining Additional Publications and Information39
- Aaa Server Functions and Concepts45
- AAA Protocols-TACACS+ and RADIUS46
- Radius47
- Tacacs47
- Authentication48
- Authentication and User Databases49
- Authentication Considerations49
- Authentication Protocol-Database Compatibility50
- Passwords51
- Other Authentication-Related Features56
- Authorization57
- Dynamic Usage Quotas58
- Max Sessions58
- Shared Profile Components58
- Support for Cisco Device-Management Applications59
- Other Authorization-Related Features61
- Accounting62
- Other Accounting-Related Features62
- Administration63
- HTTP Port Allocation for Administrative Sessions63
- Network Device Groups64
- Other Administration-Related Features64
- Cisco Secure ACS HTML Interface65
- Posture Validation65
- About the Cisco Secure ACS HTML Interface66
- HTML Interface Security66
- HTML Interface Layout67
- Uniform Resource Locator for the HTML Interface69
- Administrative Sessions and HTTP Proxy70
- Network Environments and Administrative Sessions70
- Administrative Sessions through a NAT Gateway71
- Administrative Sessions through Firewalls71
- Accessing the HTML Interface72
- Logging off the HTML Interface73
- Online Help and Online Documentation73
- Using Online Help74
- Using the Online Documentation74
Chapter 2 Deployment Considerations78
- Basic Deployment Requirements for Cisco Secure ACS78
- System Requirements78
- Hardware Requirements78
- Operating System Requirements78
- Third-Party Software Requirements79
- Network and Port Requirements80
- Basic Deployment Factors for Cisco Secure ACS82
- Network Topology82
- Dial-Up Topology82
- Wireless Network85
- Remote Access Using VPN88
- Remote Access Policy90
- Security Policy91
- Administrative Access Policy91
- Separation of Administrative and General Users93
- Database94
- Number of Users94
- Type of Database94
- Network Latency and Reliability95
- Suggested Deployment Sequence95
- Interface Configuration99
Chapter 3 Interface Configuration100
- Interface Design Concepts100
- User-To-Group Relationship100
- Per-User or Per-Group Features100
- User Data Configuration Options101
- Defining New User Data Fields101
- Advanced Options102
- Setting Advanced Options for the Cisco Secure ACS User Interface104
- Protocol Configuration Options for TACACS105
- Setting Options for TACACS107
- Protocol Configuration Options for RADIUS109
- Setting Protocol Configuration Options for IETF RADIUS Attributes114
- Setting Protocol Configuration Options for Non-IETF RADIUS Attributes115
- Network Configuration117
- About Network Configuration117
Chapter 4 Network Configuration118
- About Distributed Systems118
- AAA Servers in Distributed Systems119
- Default Distributed System Settings119
- Proxy in Distributed Systems120
- Fallback on Failed Connection121
- Character String122
- Stripping122
- Proxy in an Enterprise122
- Remote Use of Accounting Packets123
- Other Features Enabled by System Distribution124
- Network Device Searches124
- Network Device Search Criteria124
- Searching for Network Devices125
- AAA Client Configuration127
- AAA Client Configuration Options127
- Adding a AAA Client132
- Editing a AAA Client135
- Deleting a AAA Client137
- AAA Server Configuration137
- AAA Server Configuration Options138
- Adding a AAA Server140
- Editing a AAA Server142
- Deleting a AAA Server144
- Network Device Group Configuration144
- Adding a Network Device Group145
- Assigning an Unassigned AAA Client or AAA Server to an NDG146
- Reassigning a AAA Client or AAA Server to an NDG147
- Renaming a Network Device Group148
- Deleting a Network Device Group148
- Proxy Distribution Table Configuration150
- About the Proxy Distribution Table150
- Adding a New Proxy Distribution Table Entry151
- Sorting the Character String Match Order of Distribution Entries152
- Editing a Proxy Distribution Table Entry153
- Deleting a Proxy Distribution Table Entry154
- Shared Profile Components155
- About Shared Profile Components155
- Network Access Filters156
- About Network Access Filters156
Chapter 5 Shared Profile Component157
- Adding a Network Access Filter157
- Editing a Network Access Filter159
- Deleting a Network Access Filter161
- Downloadable IP Acls161
- About Downloadable IP Acls162
- Adding a Downloadable IP ACL164
- Editing a Downloadable IP ACL167
- Deleting a Downloadable IP ACL168
- Network Access Restrictions168
- About Network Access Restrictions169
- About IP-Based NAR Filters171
- About Non-IP-Based NAR Filters172
- Adding a Shared Network Access Restriction173
- Editing a Shared Network Access Restriction177
- Deleting a Shared Network Access Restriction178
- Command Authorization Sets179
- About Command Authorization Sets180
- Command Authorization Sets Description180
- Command Authorization Sets Assignment182
- Case Sensitivity and Command Authorization183
- Arguments and Command Authorization183
- About Pattern Matching184
- Adding a Command Authorization Set185
- Editing a Command Authorization Set187
- Deleting a Command Authorization Set189
- User Group Management191
- About User Group Setup Features and Functions192
- Default Group192
- Group TACACS+ Settings192
Chapter 6 User Group Management193
- Basic User Group Settings193
- Group Disablement194
- Enabling Voip Support for a User Group194
- Setting Default Time-Of-Day Access for a User Group195
- Setting Callback Options for a User Group197
- Setting Network Access Restrictions for a User Group198
- Setting Max Sessions for a User Group202
- Setting Usage Quotas for a User Group204
- Configuration-Specific User Group Settings206
- Setting Token Card Settings for a User Group208
- Setting Enable Privilege Options for a User Group209
- Enabling Password Aging for the Ciscosecure User Database211
- Enabling Password Aging for Users in Windows Databases216
- Setting IP Address Assignment Method for a User Group218
- Assigning a Downloadable IP ACL to a Group220
- Configuring TACACS+ Settings for a User Group221
- Configuring a Shell Command Authorization Set for a User Group223
- Configuring a PIX Command Authorization Set for a User Group225
- Configuring Device-Management Command Authorization for a User Group227
- Configuring IETF RADIUS Settings for a User Group228
- Configuring Cisco IOS/PIX RADIUS Settings for a User Group230
- Configuring Cisco Aironet RADIUS Settings for a User Group231
- Configuring Ascend RADIUS Settings for a User Group233
- Configuring Cisco VPN 3000 Concentrator RADIUS Settings for a User Group234
- Configuring Cisco VPN 5000 Concentrator RADIUS Settings for a User Group236
- Configuring Microsoft RADIUS Settings for a User Group237
- Configuring Nortel RADIUS Settings for a User Group239
- Configuring Juniper RADIUS Settings for a User Group240
- Configuring BBSM RADIUS Settings for a User Group241
- Configuring Custom RADIUS VSA Settings for a User Group243
- Group Setting Management244
- Listing Users in a User Group244
- Resetting Usage Quota Counters for a User Group245
- Renaming a User Group245
- Saving Changes to User Group Settings246
- User Management247
- About User Setup Features and Functions247
Chapter 7 User Management248
- About User Databases248
- Basic User Setup Options249
- Adding a Basic User Account250
- Setting Supplementary User Information252
- Setting a Separate CHAP/MS-CHAP/ARAP Password253
- Assigning a User to a Group254
- Setting User Callback Option255
- Assigning a User to a Client IP Address256
- Setting Network Access Restrictions for a User257
- Setting Max Sessions Options for a User262
- Setting User Usage Quotas Options264
- Setting Options for User Account Disablement266
- Assigning a Downloadable IP ACL to a User267
- Advanced User Authentication Settings268
- TACACS+ Settings (User)269
- Configuring TACACS+ Settings for a User270
- Configuring a Shell Command Authorization Set for a User272
- Configuring a PIX Command Authorization Set for a User275
- User276
- Configuring the Unknown Service Setting for a User278
- Advanced TACACS+ Settings (User)279
- Setting Enable Privilege Options for a User279
- Setting TACACS+ Enable Password Options for a User281
- Setting TACACS+ Outbound Password for a User283
- RADIUS Attributes283
- Setting Cisco IOS/PIX RADIUS Parameters for a User284
- Setting Cisco Aironet RADIUS Parameters for a User284
- Setting Ascend RADIUS Parameters for a User289
- Setting Cisco VPN 3000 Concentrator RADIUS Parameters for a User290
- Setting Cisco VPN 5000 Concentrator RADIUS Parameters for a User292
- Setting Microsoft RADIUS Parameters for a User293
- Setting Nortel RADIUS Parameters for a User295
- Setting Juniper RADIUS Parameters for a User297
- Setting BBSM RADIUS Parameters for a User298
- Setting Custom RADIUS Attributes for a User299
- User Management300
- Listing All Users301
- Finding a User301
- Disabling a User Account302
- Deleting a User Account303
- Resetting User Session Quota Counters304
- Resetting a User Account after Login Failure305
- Saving User Settings306
- System Configuration: Basic307
- Service Control307
- Determining the Status of Cisco Secure ACS Services308
- Stopping, Starting, or Restarting Services308
Chapter 8 System Configuration: Basic309
- Logging309
- Date Format Control309
- Setting the Date Format309
- Local Password Management311
- Configuring Local Password Management313
- Cisco Secure ACS Backup315
- About Cisco Secure ACS Backup315
- Backup File Locations315
- Directory Management316
- Components Backed up316
- Reports of Cisco Secure ACS Backups316
- Backup Options317
- Performing a Manual Cisco Secure ACS Backup317
- Scheduling Cisco Secure ACS Backups318
- Disabling Scheduled Cisco Secure ACS Backups319
- Cisco Secure ACS System Restore320
- About Cisco Secure ACS System Restore320
- Backup Filenames and Locations320
- Components Restored321
- Reports of Cisco Secure ACS Restorations322
- Restoring Cisco Secure ACS from a Backup File322
- Cisco Secure ACS Active Service Management323
- System Monitoring323
- System Monitoring Options324
- Setting up System Monitoring325
- Event Logging326
- Setting up Event Logging326
- Voip Accounting Configuration327
- Configuring Voip Accounting327
- Ciscosecure Database Replication329
- C H a P T E R 9 System Configuration: Advanced330
- About Ciscosecure Database Replication330
- Replication Process332
- Replication Frequency335
- Important Implementation Considerations335
- Database Replication Versus Database Backup338
- Database Replication Logging338
- Replication Options339
- Replication Components Options339
- Outbound Replication Options340
- Inbound Replication Options343
- Implementing Primary and Secondary Replication Setups on Cisco Secure Acses343
- Configuring a Secondary Cisco Secure ACS345
- Replicating Immediately347
- Scheduling Replication349
- Disabling Ciscosecure Database Replication352
- RDBMS Synchronization353
- Database Replication Event Errors353
- About RDBMS Synchronization354
- Users355
- User Groups355
- Network Configuration356
- Custom RADIUS Vendors and Vsas356
- RDBMS Synchronization Components357
- About Csdbsync357
- About the Accountactions Table359
- Cisco Secure ACS Database Recovery Using the Accountactions Table360
- Reports and Event (Error) Handling361
- Preparing to Use RDBMS Synchronization361
- Considerations for Using CSV-Based Synchronization363
- Preparing for CSV-Based Synchronization364
- Configuring a System Data Source Name for RDBMS Synchronization365
- RDBMS Synchronization Options366
- RDBMS Setup Options366
- Synchronization Scheduling Options367
- Synchronization Partners Options367
- Performing RDBMS Synchronization Immediately368
- Scheduling RDBMS Synchronization369
- Disabling Scheduled RDBMS Synchronizations371
- IP Pools Server372
- About IP Pools Server372
- Allowing Overlapping IP Pools or Forcing Unique Pool Address Ranges373
- Refreshing the AAA Server IP Pools Table375
- Adding a New IP Pool375
- Editing an IP Pool Definition376
- Resetting an IP Pool377
- Deleting an IP Pool378
- IP Pools Address Recovery379
- Enabling IP Pool Address Recovery379
- About Certification and EAP Protocols381
- C H a P T E R 10 System Configuration: Authentication and Certificates382
- Digital Certificates382
- EAP-TLS Authentication382
- About the EAP-TLS Protocol383
- EAP-TLS and Cisco Secure ACS384
- EAP-TLS Limitations386
- Enabling EAP-TLS Authentication387
- PEAP Authentication388
- About the PEAP Protocol388
- PEAP and Cisco Secure ACS389
- PEAP and the Unknown User Policy391
- Enabling PEAP Authentication392
- EAP-FAST Authentication393
- About EAP-FAST393
- About Master Keys395
- About Pacs397
- Master Key and PAC Ttls401
- Replication and EAP-FAST402
- Enabling EAP-FAST405
- Global Authentication Setup406
- Authentication Configuration Options407
- Configuring Authentication Options413
- Cisco Secure ACS Certificate Setup414
- Installing a Cisco Secure ACS Server Certificate415
- Adding a Certificate Authority Certificate417
- Editing the Certificate Trust List418
- Managing Certificate Revocation Lists420
- About Certificate Revocation Lists420
- Certificate Revocation List Configuration Options420
- Adding a Certificate Revocation List Issuer420
- Editing a Certificate Revocation List Issuer420
- Deleting a Certificate Revocation List Issuer420
- Generating a Certificate Signing Request425
- Using Self-Signed Certificates427
- About Self-Signed Certificates427
- Self-Signed Certificate Configuration Options428
- Generating a Self-Signed Certificate429
- Updating or Replacing a Cisco Secure ACS Certificate430
- Logs and Reports434
Chapter 11 Log and Report434
- Logging Formats434
- Special Logging Attributes434
- NAC Attributes in Logs436
- Update Packets in Accounting Logs437
- About Cisco Secure ACS Logs and Reports438
- Accounting Logs438
- Dynamic Administration Reports441
- Viewing the Logged-In Users Report442
- Deleting Logged-In Users443
- Viewing the Disabled Accounts Report444
- Cisco Secure ACS System Logs445
- Configuring the Administration Audit Log446
- Working with CSV Logs447
- CSV Log File Names447
- CSV Log File Locations448
- Enabling or Disabling a CSV Log449
- Viewing a CSV Report450
- Configuring a CSV Log451
- Working with ODBC Logs453
- Preparing for ODBC Logging454
- Configuring a System Data Source Name for ODBC Logging454
- Configuring an ODBC Log455
- Remote Logging458
- About Remote Logging458
- Implementing Centralized Remote Logging459
- Remote Logging Options460
- Enabling and Configuring Remote Logging461
- Disabling Remote Logging463
- Service Logs463
- Services Logged464
- Configuring Service Logs465
- Administrator Accounts467
- C H a P T E R 12 Administrators and Administrative Policy468
- About Administrator Accounts468
- Administrator Privileges469
- Adding an Administrator Account472
- Editing an Administrator Account473
- Edit Cisco Acs Administrator Account Privileges474
- Unlocking a Locked out Administrator Account476
- Deleting an Administrator Account477
- Access Policy477
- Access Policy Options478
- Setting up Access Policy480
- Session Policy482
- Session Policy Options482
- Setting up Session Policy483
- Audit Policy484
Chapter 13 User Database486
- Ciscosecure User Database486
- About the Ciscosecure User Database486
- User Import and Creation487
- About External User Databases488
- Authenticating with External User Databases489
- External User Database Authentication Process490
- Windows User Database491
- What's Supported with Windows User Databases492
- Authentication with Windows User Databases493
- Trust Relationships493
- Windows Dial-Up Networking Clients494
- Windows Dial-Up Networking Clients with a Domain Field494
- Windows Dial-Up Networking Clients Without a Domain Field495
- Usernames and Windows Authentication495
- Username Formats and Windows Authentication495
- Non-Domain-Qualified Usernames497
- Domain-Qualified Usernames498
- UPN Usernames498
- EAP and Windows Authentication499
- EAP-TLS Domain Stripping500
- Machine Authentication500
- Machine Access Restrictions503
- Microsoft Windows and Machine Authentication504
- Enabling Machine Authentication506
- User-Changeable Passwords with Windows User Databases509
- Preparing Users for Authenticating with Windows510
- Windows User Database Configuration Options510
- Configuring a Windows External User Database514
- Generic LDAP516
- Cisco Secure ACS Authentication Process with a Generic LDAP User Database517
- Multiple LDAP Instances517
- LDAP Organizational Units and Groups518
- Domain Filtering518
- LDAP Failover520
- Successful Previous Authentication with the Primary LDAP Server520
- Unsuccessful Previous Authentication with the Primary LDAP Server521
- LDAP Configuration Options521
- Configuring a Generic LDAP External User Database527
- Novell NDS Database533
- About Novell NDS User Databases534
- User Contexts535
- Novell NDS External User Database Options536
- Configuring a Novell NDS External User Database537
- ODBC Database539
- What Is Supported with ODBC User Databases541
- Cisco Secure ACS Authentication Process with an ODBC External User Database542
- Preparing to Authenticate Users with an ODBC-Compliant Relational Database543
- Implementation of Stored Procedures for ODBC Authentication544
- Type Definitions545
- Microsoft SQL Server and Case-Sensitive Passwords545
- Sample Routine for Generating a PAP Authentication SQL Procedure546
- Sample Routine for Generating an SQL CHAP Authentication Procedure547
- Sample Routine for Generating an EAP-TLS Authentication Procedure548
- PAP Authentication Procedure Input548
- PAP Procedure Output549
- CHAP/MS-CHAP/ARAP Authentication Procedure Input550
- CHAP/MS-CHAP/ARAP Procedure Output550
- EAP-TLS Authentication Procedure Input551
- EAP-TLS Procedure Output552
- Result Codes553
- Configuring a System Data Source Name for an ODBC External User Database554
- Configuring an ODBC External User Database555
- LEAP Proxy RADIUS Server Database559
- Configuring a LEAP Proxy RADIUS Server External User Database560
- Token Server User Databases562
- About Token Servers and Cisco Secure ACS562
- Token Servers and ISDN563
- RADIUS-Enabled Token Servers563
- About RADIUS-Enabled Token Servers563
- Token Server RADIUS Authentication Request and Response563
- Contents563
- Configuring a RADIUS Token Server External User Database563
- RSA Securid Token Servers568
- Configuring an RSA Securid Token Server External User Database569
- Deleting an External User Database Configuration570
- About Network Admission Control573
- NAC AAA Components574
- Posture Validation575
Chapter 14 Network Admission Control575
- Posture Tokens576
- Non-Responsive NAC-Client Computers577
- Implementing Network Admission Control577
- NAC Databases582
- About NAC Databases582
- About NAC Credentials and Attributes583
- NAC Database Configuration Options584
- Policy Selection Options585
- Configuring a NAC Database586
- NAC Policies588
- Local Policies589
- About Local Policies590
- About Rules, Rule Elements, and Attributes591
- Local Policy Configuration Options594
- Rule Configuration Options596
- Creating a Local Policy597
- External Policies600
- About External Policies600
- External Policy Configuration Options601
- Creating an External Policy604
- Editing a Policy606
- Deleting a Policy608
- Unknown User Policy611
- Known, Unknown, and Discovered Users611
- Authentication and Unknown Users611
Chapter 15 Unknown User Policy613
- About Unknown User Authentication614
- General Authentication of Unknown Users615
- Windows Authentication of Unknown Users616
- Domain-Qualified Unknown Windows Users616
- Windows Authentication with Domain Qualification617
- Multiple User Account Creation618
- Performance of Unknown User Authentication618
- Added Authentication Latency619
- Authentication Timeout Value on AAA Clients619
- Posture Validation and the Unknown User Policy620
- NAC and the Unknown User Policy620
- Posture Validation Use of the Unknown User Policy621
- Required Use for Posture Validation622
- Authorization of Unknown Users623
- Unknown User Policy Options623
- Database Search Order624
- Configuring the Unknown User Policy626
- Disabling Unknown User Authentication627
- User Group Mapping and Specification629
- About User Group Mapping and Specification629
- C H a P T E R 16 User Group Mapping and Specification630
- Group Mapping by External User Database630
- Creating a Cisco Secure ACS Group Mapping for a Token Server, ODBC Database, or LEAP Proxy RADIUS Server Database631
- Group Mapping by Group Set Membership632
- Group Mapping Order633
- No Access Group for Group Set Mappings633
- Default Group Mapping for Windows634
- Windows Group Mapping Limitations634
- Generic LDAP Groups635
- Editing a Windows, Novell NDS, or Generic LDAP Group Set Mapping637
- Deleting a Windows, Novell NDS, or Generic LDAP Group Set Mapping638
- Deleting a Windows Domain Group Mapping Configuration639
- Changing Group Set Mapping Order640
- NAC Group Mapping641
- Configuring NAC Group Mapping641
- RADIUS-Based Group Specification642
Appendix645
- A Troubleshooting646
- Administration Issues646
Appendix A Troubleshooting647
- Browser Issues648
- Cisco IOS Issues649
- Database Issues651
- Dial-In Connection Issues654
- Debug Issues658
- Proxy Issues659
- Installation and Upgrade Issues660
- Maxsessions Issues660
- Report Issues661
- Third-Party Server Issues663
- User Authentication Issues664
- TACACS+ and RADIUS Attribute Issues666
Appendix667
- TACACS+ Attribute-Value Pairs667
- Cisco IOS AV Pair Dictionary667
Appendix B TACAC+ Attribute-Value Pair668
- TACACS+ AV Pairs668
- TACACS+ Accounting AV Pairs670
Appendix673
- RADIUS Attributes673
- Cisco IOS Dictionary of RADIUS AV Pairs675
Appendix C RADIU Attribute675
- Cisco IOS/PIX Dictionary of RADIUS Vsas677
- About the Cisco-Av-Pair RADUIS Attribute679
- Cisco VPN 3000 Concentrator Dictionary of RADIUS Vsas681
- Cisco VPN 5000 Concentrator Dictionary of RADIUS Vsas685
- Cisco Building Broadband Service Manager Dictionary of RADIUS VSA686
- IETF Dictionary of RADIUS AV Pairs686
- Microsoft MPPE Dictionary of RADIUS Vsas700
- Microsoft MPPE Dictionary of RADIUS Vsas702
- Ascend Dictionary of RADIUS AV Pairs703
- Ascend Dictionary of RADIUS AV Pairs705
- Nortel Dictionary of RADIUS Vsas715
- Juniper Dictionary of RADIUS Vsas716
Appendix717
Appendix D Csutil Database Utility718
- Csutil Database Utility719
- Csutil.exe Options719
- Displaying Command-Line Syntax721
- Backing up Cisco Secure ACS with Csutil.exe722
- Restoring Cisco Secure ACS with Csutil.exe723
- Creating a Ciscosecure User Database724
- Creating a Cisco Secure ACS Database Dump File726
- Loading the Cisco Secure ACS Database from a Dump File727
- Compacting the Ciscosecure User Database728
- User and AAA Client Import Option730
- Importing User and AAA Client Information731
- User and AAA Client Import File Format732
- About User and AAA Client Import File Format733
- ONLINE or OFFLINE Statement733
- ADD Statements734
- UPDATE Statements735
- DELETE Statements737
- ADD_NAS Statements737
- DEL_NAS Statements739
- Import File Example740
- Exporting User List to a Text File740
- Exporting Group Information to a Text File741
- Exporting Registry Information to a Text File742
- Decoding Error Numbers743
- Recalculating CRC Values744
- User-Defined RADIUS Vendors and VSA Sets744
- About User-Defined RADIUS Vendors and VSA Sets745
- Adding a Custom RADIUS Vendor and VSA Set745
- Deleting a Custom RADIUS Vendor and VSA Set747
- Listing Custom RADIUS Vendors748
- Exporting Custom RADIUS Vendor and VSA Sets749
- RADIUS Vendor/Vsa Import File750
- About the RADIUS Vendor/Vsa Import File750
- Vendor and VSA Set Definition751
- Attribute Definition752
- Enumeration Definition754
- Example RADIUS Vendor/Vsa Import File755
- PAC File Generation756
- PAC File Options and Examples757
- Generating PAC Files759
- Posture Validation Attributes760
- Posture Validation Attribute Definition File760
- Exporting Posture Validation Attribute Definitions764
- Importing Posture Validation Attribute Definitions765
- Deleting a Posture Validation Attribute Definition767
- Default Posture Validation Attribute Definition File768
Appendix781
- VPDN Processing781
- VPDN Process781
Appendix787
- RDBMS Synchronization Import Definitions787
- Accountactions Specification787
- Accountactions Format788
- Accountactions Mandatory Fields789
- Accountactions Processing Order790
- Action Codes790
- Action Codes for Setting and Deleting Values791
- Action Codes for Creating and Modifying User Accounts793
- Action Codes for Initializing and Modifying Access Filters800
- Action Codes for Modifying TACACS+ and RADIUS Group and User Settings805
- Action Codes for Modifying Network Configuration811
- Cisco Secure ACS Attributes and Action Codes818
- User-Specific Attributes818
- User-Defined Attributes818
- Group-Specific Attributes818
- An Example of Accountactions822
Appendix825
- G Internal Architecture825
- Windows Services825
- Windows Registry825
- Csadmin826
- Csauth827
- Csdbsync828
- Cslog828
- Csmon828
- Monitoring829
- Recording830
- Notification831
- Response831
- Cstacacs and Csradius832

Cisco 3.3 - Page 782

Table of Contents

Related product manuals