Use of proxy distribution table in ACS v4.0

Suresh Babu
Level 1

Hi All,

We are running a Cisco ACS v4.0 AAA server. Here I need the use of the proxy distribution table.

Why is this required, and what is the functionality of it?

Regards

Suresh

5 Replies

Jatin Katyal
Cisco Employee

I think you should read the stuff here:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/n.html#wp341876

Let me know if you still have any issues.

Regards,

Jatin Katyal
- Do rate helpful posts -

~Jatin

Hi Jkatyal,

Thanks for the response.

Correct my understanding of the proxy distribution table in brief: when a request comes to a TACACS server from a device, if the device info is not available in the network settings and if the proxy distribution table is configured, then the request is forwarded to the proxy distribution table AAA servers for authentication.

Correct my understanding if it's wrong.

Regards

Suresh

Unfortunately no. If the network device information is not available in the network configuration table then the request will be rejected with an error message "UNKNOWN NAS".

Regards,

Jatin Katyal

- Do rate helpful posts -

~Jatin

Hi Jkatyal,

Can you clarify what exactly the use of it is, in brief?

Regards

Suresh

Use ACS as a proxy in a distributed environment.

Using proxy, ACS automatically forwards authentication requests from AAA clients to AAA servers. After the request has been successfully authenticated, the authorization privileges that you configured for the user on the remote AAA server are passed back to the original ACS, where the AAA client applies the user profile information for that session.

Fallback on Failed Connection

You can configure the order in which ACS checks remote AAA servers if a failure of the network connection to the primary AAA server occurs. If an authentication request cannot be sent to the first listed server, because of a network failure for example, the next listed server is checked. This checking continues, in order, down the list, until one of the AAA servers handles the authentication request. (Failed connections are detected by failure of the nominated server to respond within a specified time period. That is, the request is timed out.) If ACS cannot connect to any server in the list, authentication fails.

Stripping

Stripping allows ACS to remove, or strip, the matched character string from the username. When you enable stripping, ACS examines each authentication request for matching information.

Regards,

Jatin Katyal

- Do rate helpful posts -

~Jatin
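
The behaviour described in this thread (the "UNKNOWN NAS" rejection, forwarding on a matched character string, stripping, and in-order fallback on timeout) as a simplified Python model. This is an added example, not ACS code and not part of any post above. The `position` field, the `send` callback, the result labels other than "UNKNOWN NAS", the local handling of unmatched usernames, and all sample names and addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass
class ProxyEntry:
    match: str      # character string looked for in the username
    position: str   # "prefix" or "suffix" (field assumed for this model)
    strip: bool     # remove the matched string before forwarding
    servers: list   # remote AAA servers, in fallback order

def route(nas_ip, username, known_nas, table, send):
    """Return (result, server, username_sent) for one authentication request.
    send(server, username) is a hypothetical transport callback: True/False
    for accept/reject, TimeoutError when the server does not answer in time."""
    # The AAA client must be in the network configuration, otherwise reject.
    if nas_ip not in known_nas:
        return ("UNKNOWN NAS", None, None)
    for entry in table:
        prefix = entry.position == "prefix"
        hit = username.startswith(entry.match) if prefix else username.endswith(entry.match)
        if not hit:
            continue
        forwarded = username
        if entry.strip and prefix:
            forwarded = username[len(entry.match):]
        elif entry.strip:
            forwarded = username[:len(username) - len(entry.match)]
        # Fallback on failed connection: try the listed servers in order.
        for server in entry.servers:
            try:
                accepted = send(server, forwarded)
            except TimeoutError:
                continue  # timed out, check the next listed server
            return ("ACCEPT" if accepted else "REJECT", server, forwarded)
        return ("FAIL", None, forwarded)  # no listed server responded
    # Assumption of this model: unmatched usernames are handled locally.
    return ("LOCAL", None, username)

# Constructed sample data, not taken from the thread.
KNOWN_NAS = {"192.0.2.10"}
TABLE = [ProxyEntry("@corp.example", "suffix", True, ["aaa1.example", "aaa2.example"])]

def demo_send(server, username):
    if server == "aaa1.example":
        raise TimeoutError  # primary does not respond
    return username == "alice"

if __name__ == "__main__":
    print(route("192.0.2.10", "alice@corp.example", KNOWN_NAS, TABLE, demo_send))
```

A reject from a server that did respond is returned as is; only a timeout moves the request to the next listed server.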