Configuring RADIUS and TACACS+ with CSACS
Administering Cisco Secure ACS for Windows

The Cisco Secure ACS for Windows Server web browser interface makes administration of AAA features easy.

Navigation Buttons
Each of the buttons on the navigational bar represents a particular area or function that can be configured. Depending on the configuration, it may not be necessary to configure all of the areas. Select one of these buttons to begin configuring:

  • User Setup – Add, edit, delete user accounts, and list users in databases.
  • Group Setup – Create, edit, rename groups, and list all users in a group.
  • Shared Profile Components – Develop and name reusable, shared sets of authorization components which may be applied to one or more users or groups of users and referenced by name within their profiles. Components include network access restrictions (NARs), command authorization sets, and downloadable PIX Security Appliance access control lists (ACLs).
  • Network Configuration – Configure and edit AAA clients and server parameters, add and delete network access clients and servers, and configure AAA server distribution parameters.
  • System Configuration – Start and stop Cisco Secure ACS services, configure logging, control database replication, and control RDBMS synchronization.
  • Interface Configuration – Configure user defined fields that will be recorded in accounting logs, configure TACACS+ and RADIUS options, and control display of options in the user interface.
  • Administration Control – Control administration of Cisco Secure ACS from any workstation on the network.
  • External User Databases – Configure the unknown user policy, configure authorization privileges for unknown users and configure external database types.
  • Reports and Activity – Select Reports & Activity in the navigational bar to view the following information. These files can be imported into most database and spreadsheet applications. The following is a partial list of the types of reports available when accessing Reports & Activity:
    • TACACS+ Accounting Report – Lists when sessions stop and start, records network access server messages with username, provides caller line identification information, and records the duration of each session
    • RADIUS Accounting Report – Lists when sessions stop and start, records network access server messages with username, provides caller line identification information, and records the duration of each session.
    • Failed Attempts Report – Lists authentication and authorization failures with an indication of the cause.
    • Logged-In Users – Lists all users currently receiving services for a single network access server or all network access servers with access to Cisco Secure ACS.
    • Disabled Accounts – Lists all user accounts that are currently disabled.
    • Admin Accounting Reports – Lists configuration commands entered on a TACACS+ (Cisco) network access server.
  • Online Documentation – Provides more detailed information about the configuration, operation, and concepts of Cisco Secure ACS.

Resources

Resource: How to Add Users to CSACS