Specifications

Access Service Security
Remote Security Database
As your network expands, you need a centralized security database that provides username and
password information to each of the access servers on the network. This centralized security
database resides in a security server. (See Figure 4-2.)
An example of a security server is the CiscoSecure Access Control Server, a UNIX security daemon
that enables administrators to create databases that define network users and their privileges.
CiscoSecure uses a central database that stores user and group profiles with authentication and
authorization information.
The Cisco AS5300 exchanges user authentication information with a TACACS+ or RADIUS
database on the security server by transmitting encrypted TACACS+ or RADIUS packets across the
network.
For specific information about the interaction between security servers and access servers, refer to
the Security Configuration Guide, available online at
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/
Figure 4-2 Remote Security Database
A remote, centralized security database is useful when you have a large number of access servers
providing network access. It removes the need to update each access server with new or changed
authentication and authorization information for thousands of dial-in network users. A centralized
security database also helps establish consistent remote access policies throughout a corporation.
[Figure 4-2 diagram: a large corporate network with many dial-in Cisco AS5300 access servers (48 or 60 dial-in ports on each), routers, and Macintosh, Novell, UNIX, and Windows NT servers. A remote security server (TACACS+ server or RADIUS server) provides the centralized security database to all dial-in access servers.]