Thursday, January 20, 2011

CS-MARS authentication with Cisco Secure ACS

First, add the CS-MARS device on the ACS: go to Network Configuration > Add Entry and enter the CS-MARS hostname, IP address and Shared Secret Key. From the Authenticate Using drop-down list, select RADIUS (IETF), then click Submit + Apply. Next, create a user account on the ACS for the user who needs access to the CS-MARS (go to User Setup to create a user on the ACS).

The same user also needs an account on the CS-MARS. Go to MANAGEMENT > User Management and click Add to create a new user. Enter the Role and the Login (username) of the user and click Submit.

Log into the CS-MARS as pnadmin and go to ADMIN > System Setup > Authentication Configuration. In the AAA Server Configuration: box, click Add. Here you define your ACS server and how MARS should communicate with it. Select whether to configure the ACS server on an existing host that MARS is aware of or on a new host. After entering the basic IP address and interface information, click Next, then on the Reporting Applications window select Generic AAA Server and click Add. On the AAA Server Configuration window, enter the Name, the Shared Secret Key (as given in the ACS), the Authentication Port (1812) and the Accounting Port (1813). Use the Test Connectivity button to verify that CS-MARS can communicate with the RADIUS server and that user accounts can be authenticated against it. Lastly, go to the Authentication Configuration screen again, select AAA Server as the Authentication method and select the server you just defined. You can add a secondary AAA server in the same way.
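The RADIUS (IETF) exchange on port 1812 only works when the Shared Secret Key entered on the CS-MARS matches the one on the ACS. The following is an added example, not part of the original post and not Cisco code: it builds an Access-Request as defined in RFC 2865 and checks a reply's Response Authenticator, showing the effect of a mismatched secret. The username, password, secret, NAS address and the locally simulated reply are constructed assumptions.

```python
import hashlib, hmac, os, struct

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2 (MD5 keystream keyed by the shared secret)."""
    blocks = max(1, -(-len(password) // 16))          # pad to a multiple of 16, at least one block
    padded = password.ljust(16 * blocks, b"\x00")
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev
    return hidden

def attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one type-length-value attribute."""
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(user, password, secret, nas_ip, ident, request_auth=None):
    """Access-Request (code 1) with User-Name, User-Password and NAS-IP-Address."""
    request_auth = request_auth or os.urandom(16)
    attrs = (attribute(1, user)
             + attribute(2, hide_password(password, secret, request_auth))
             + attribute(4, bytes(int(o) for o in nas_ip.split("."))))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + request_auth + attrs

def reply_is_authentic(reply: bytes, request: bytes, secret: bytes) -> bool:
    """Check the Response Authenticator: MD5(code+id+length+RequestAuth+attributes+secret)."""
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    if struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def simulated_reply(code: int, request: bytes, secret: bytes) -> bytes:
    """Stand-in for the ACS answer (2 = Access-Accept, 3 = Access-Reject), built locally."""
    header = struct.pack("!BBH", code, request[1], 20)
    return header + hashlib.md5(header + request[4:20] + secret).digest()

# Constructed sample values, not taken from the post.
SECRET = b"constructed-shared-secret"
REQUEST = build_access_request(b"mars-operator", b"constructed-password", SECRET, "192.0.2.10", ident=7)

if __name__ == "__main__":
    good = simulated_reply(2, REQUEST, SECRET)
    bad = simulated_reply(2, REQUEST, b"mismatched-secret")
    print("matching secret:  ", reply_is_authentic(good, REQUEST, SECRET))
    print("mismatched secret:", reply_is_authentic(bad, REQUEST, SECRET))
```

A reply computed with a different secret fails the authenticator check and is discarded by a conforming client, so a typo in the Shared Secret Key on either side shows up as a failed or timed-out authentication.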

If, for any reason, you need to change the authentication method back to Local, you will need to recreate a password for each user. Once the authentication method is changed to RADIUS, all local passwords on the MARS appliance (except that of the pnadmin user) are deleted.
