Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1025
Views
5
Helpful
5
Replies

Use of proxy distribution table in ACS v4.0

Suresh Babu
Level 1
Level 1

‎02-11-2013 02:19 AM - edited ‎03-10-2019 08:04 PM

HI All,

We are running with Cisco ACS v4.0 AAA server, Here I need the use of Proxy distribution table.

Why is this required and what is the functionality of it.

Regards

Suresh

Labels:
0 Helpful
5 Replies 5

Jatin Katyal
Cisco Employee
Cisco Employee

‎02-11-2013 08:21 AM

I think you should read the stuff here:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/n.html#wp341876

Let me know if you still have any issues.

Regards,

Jatin Katyal
Do rate helpful posts -

~Jatin
0 Helpful

Suresh Babu
Level 1
Level 1
In response to Jatin Katyal

‎02-12-2013 03:03 AM

HI Jkatyal,

Thanks for the response,

Correct my understading on proxy distribution table in brief, When a request comes to a TACAC server from a device if the device info is not available in the network settings and if proxy distribution table is configured then request been forwarded to proxy distribution table AAA servers for authentication.

Correct my understading if its wrong.

Regards

Suresh

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to Suresh Babu

‎02-17-2013 02:00 AM

Unfortunately no. If the network device information is not available in the network configuration table then the request will be rejected with an error message "UNKNOWN NAS".

Regards,

Jatin Katyal

- Do rate helpful posts -

~Jatin
0 Helpful

Suresh Babu
Level 1
Level 1
In response to Jatin Katyal

‎02-17-2013 03:11 AM

HI Jkatyal,

Can you clarify what exactly the use of it in brief

Regards

Suresh

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to Suresh Babu

‎02-17-2013 04:00 AM

Use ACS as Proxy in a distributed enviornment.

Using proxy, ACS automatically forwards an  authentication requests from AAA clients to AAA servers. After the  request has been successfully authenticated, the authorization  privileges that you configured for the user on the remote AAA server are  passed back to the original ACS, where the AAA client applies the user  profile information for that session.

Fallback on Failed Connection

You can configure the order in which ACS checks remote AAA servers if a  failure of the network connection to the primary AAA server occurs. If  an authentication request cannot be sent to the first listed server,  because of a network failure for example, the next listed server is  checked. This checking continues, in order, down the list, until the  AAA servers handles the authentication request. (Failed connections are  detected by failure of the nominated server to respond within a  specified time period. That is, the request is timed out.) If ACS cannot  connect to any server in the list, authentication fails.

Stripping

Stripping allows ACS to remove, or strip, the matched character string  from the username. When you enable stripping, ACS examines each  authentication request for matching information.

Regards,

Jatin Katyal

- Do rate helpful posts -

~Jatin
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents