Table Of Contents
System Configuration: Basic
Service Control
Determining the Status of Cisco Secure ACS Services
Stopping, Starting, or Restarting Services
Logging
Date Format Control
Setting the Date Format
Local Password Management
Configuring Local Password Management
Cisco Secure ACS Backup
About Cisco Secure ACS Backup
Backup File Locations
Directory Management
Components Backed Up
Reports of Cisco Secure ACS Backups
Backup Options
Performing a Manual Cisco Secure ACS Backup
Scheduling Cisco Secure ACS Backups
Disabling Scheduled Cisco Secure ACS Backups
Cisco Secure ACS System Restore
About Cisco Secure ACS System Restore
Backup Filenames and Locations
Components Restored
Reports of Cisco Secure ACS Restorations
Restoring Cisco Secure ACS from a Backup File
Cisco Secure ACS Active Service Management
System Monitoring
Event Logging
VoIP Accounting Configuration
Configuring VoIP Accounting
System Configuration: Basic
This chapter addresses the basic features found in the System Configuration section of CiscoSecure ACS for WindowsServer.
This chapter contains the following topics:
•
Service Control
• Logging
• Date Format Control
• Local Password Management
• CiscoSecure ACS Backup
• CiscoSecure ACS System Restore
• CiscoSecure ACS Active Service Management
• VoIP Accounting Configuration
Service Control
CiscoSecure ACS uses several services. The Service Control page provides basic status information about the services, and enables you to configure the service log files and to stop or restart the services. For more information about CiscoSecure ACS services, see "Overview"
Tip You can configure CiscoSecure ACS service logs. For more information, see Configuring Service Logs.
This section contains the following topics:
• Determining the Status of CiscoSecure ACS Services
• Stopping, Starting, or Restarting Services
Determining the Status of Cisco Secure ACS Services
You can determine whether CiscoSecure ACS services are running or stopped by accessing the Service Control page.
To determine the status of CiscoSecure ACS services, follow these steps:
Step1 In the navigation bar, click System Configuration .
Step2 Click Service Control .
The status of the services appears in the CiscoSecure ACS on hostname table, where hostname is the name of the CiscoSecure ACS.
Stopping, Starting, or Restarting Services
You can stop, start, or restart CiscoSecure ACS services as needed. This achieves the same result as starting and stopping CiscoSecure ACS services from within Windows Control panel. This procedure stops, starts, or restarts the CiscoSecure ACS services except for CSAdmin, which is responsible for the HTML interface.
Note If the CSAdmin service needs to be restarted, you can do so using the Control Panel Services applet; however, it is best to allow CiscoSecure ACS to handle the services because there are dependencies in the order in which the services are started.
To stop, start, or restart CiscoSecure ACS services, follow these steps:
Step1 In the navigation bar, click System Configuration .
Step2 Click Service Control .
The status of the services appears in the CiscoSecure ACS on hostname table, where hostname is the name of the CiscoSecure ACS.
If the services are running, the Restart and Stop buttons appear at the bottom of the page.
If the services are stopped, the Start button appears at the bottom of the page.
Step3 Click Stop , Start , or Restart , as applicable.
The status of CiscoSecure ACS services changes to the state appropriate to the button you clicked.
Logging
You can configure CiscoSecure ACS to generate logs for administrative and accounting events, depending on the protocols and options you have enabled. For more information, including configuration steps, see "Overview"
Date Format Control
CiscoSecure ACS allows for one of two possible date formats in its logs, reports, and administrative interface. You can choose either a month/day/year format or a day/month/year format.
Setting the Date Format
Note If you have reports that were generated before you changed the date format, be sure to move or rename them to avoid conflicts. For example, if you are using the month/day/year format, CiscoSecure ACS assigns the name 2001-07-12.csv to a report generated on July 12, 2001. If you subsequently change to the day/month/year format, on December 7, 2001, CiscoSecure ACS creates a file also named 2001-07-12.csv and overwrites the existing file.
To set the date format, follow these steps:
Step1 In the navigation bar, click System Configuration .
Step2 Click Date Format Control .
CiscoSecure ACS displays the Date Format Selection table.
Step3 Select a date format option.
Step4 Click Submit & Restart .
CiscoSecure ACS restarts its services and implements the date format you selected.
Note For the new date format to be seen in the HTML interface reports, you must restart the connection to the CiscoSecure ACS. Click the Logoff button (a button with an X) in the upper-right corner of the browser window.
Local Password Management
You use the Local Password Management page to configure settings that apply to managing passwords stored in the CiscoSecure user database. It contains the following three sections:
•Password Validation Options —These settings enable you to configure validation parameters for user passwords. CiscoSecure ACS enforces these rules when an administrator changes a user password in the CiscoSecure user database and when a user attempts to change passwords using the CiscoSecure Authentication Agent applet.
Note Password validation options apply only to user passwords stored in the CiscoSecure user database. They do not apply to passwords in user records kept in external user databases nor do they apply to enable or admin passwords for Cisco IOS network devices.
The password validation options are listed below:
–Password length between X and Y characters —Enforces that password lengths be between the values specified in the X and Y boxes, inclusive. CiscoSecure ACS supports passwords up to 32 characters long.
–Password may not contain the username —Requires that a user password does not contain the username anywhere within it.
–Password is different from the previous value —Requires a new user password to be different from the previous password.
–Password must be alphanumeric —Requires a user password to contain both letters and numbers.
•Remote Change Password —These settings enable you to configure whether Telnet password change is enabled and, if it is enabled, whether CiscoSecure ACS immediately sends the updated user data to its replication partners.
The remote change password options are listed below:
–Disable TELNET Change Password against this ACS and return the following message to the users telnet session —When selected, this option disables the ability to perform password changes during a Telnet session hosted by a TACACS+ AAA client. Users who submit a password change receive the text message that you type in the corresponding box.
–Upon remote user password change, immediately propagate the change to selected replication partners —This setting determines whether CiscoSecure ACS sends to its replication partners any passwords changed during a Telnet session hosted by a TACACS+ AAA client, by the CiscoSecure Authentication Agent, or by the User-Changeable Passwords web interface. The CiscoSecure ACSes configured as this CiscoSecure ACS's replication partners are listed below this check box.
This feature depends upon having the CiscoSecure Database Replication feature configured properly; however, replication scheduling does not apply to propagation of changed password information. Cisco Secure ACS sends changed password information immediately, regardless of replication scheduling.
Changed password information is replicated only to Cisco Secure ACSes that are properly configured to receive replication data from this Cisco Secure ACS. The automatically triggered cascade setting for the CiscoSecure Database Replication feature does not cause Cisco Secure ACSes that receive changed password information to send it to their replication partners.
For more information about CiscoSecure Database Replication, see CiscoSecure Database Replication .
•Password Change Log File Management —These settings enable you to configure how CiscoSecure ACS handles log files generated for the User Password Change report. For more information about this report, see CiscoSecure ACS System Logs.
The log file management options for the User Password Changes Log are listed below:
–Generate New File —You can specify the frequency at which CiscoSecure ACS creates a User Password Changes Log file: daily, weekly, monthly, or after the log reaches a size in kilobytes that you specify.
–Manage Directory —You can specify whether CiscoSecure ACS controls the retention of log files. If enabled, this feature enables you to specify either the maximum number of files to retain or the maximum age of files to retain. If the maximum number of files is exceeded, CiscoSecure ACS deletes the oldest log file. If the maximum age of a file is exceeded, CiscoSecure ACS deletes the file.
Configuring Local Password Management
To configure password validation options, follow these steps:
Step1 In the navigation bar, click System Configuration .
Step2 Click Local Password Management .
The Local Password Management page appears.
Step3 Under Password Validation Options, follow these steps:
a. In Password length between X and Y characters, type the minimum valid number of characters for a password in the X box. While the X box accepts two characters, passwords can only be between 1 and 32 characters in length.
b. In Password length between X and Y characters, type the maximum valid number of characters for a password in the Y box. While the X box accepts two characters, passwords can only be between 1 and 32 characters in length.
c. If you want to disallow passwords that contain the username, select the Password may not contain the username check box.
d. If you want to require that a user password must be different than the previous user password, select the Password is different from the previous value check box.
e. If you want to require that passwords must contain both letters and numbers, select the Password must be alphanumeric check box.
Step4 Under Remote Change Password, follow these steps:
a. If you want to enable user password changes in Telnet sessions, clear the Disable TELNET Change Password against this ACS and return the following message to the users telnet session check box.
b. If you want to disable user password changes in Telnet sessions, select the Disable TELNET Change Password against this ACS and return the following message to the users telnet session check box.
c. In the box below the Disable TELNET Change Password against this ACS and return the following message to the users telnet session check box, type a message that users should see when attempting to change a password in a Telnet session and when the Telnet password change feature has been disabled (Step b).
d. If you want Cisco Secure ACS to send changed password information immediately after a user has changed a password, select the Upon remote user password change, immediately propagate the change to selected replication partners check box.
Tip The CiscoSecure ACSes that receive the changed password information list below the Upon remote user password change, immediately propagate the change to selected replication partners check box.
Step5 If you want CiscoSecure ACS to generate a new User Password Changes log file at a regular interval, select one of the following options:
•Every day —CiscoSecure ACS generates a new User Password Changes log file at the start of each day.
•Every week —CiscoSecure ACS generates a new User Password Changes log file at the start of each week.
•Every month —CiscoSecure ACS generates a new User Password Changes log file at the start of each month.
Step6 If you want CiscoSecure ACS to generate a new User Password Changes log file when the current file reaches a specific size, select the When size is greater than X KB option and type the file size threshold, in kilobytes, in the X box.
Step7 If you want to manage which User Password Changes log files CiscoSecure ACS keeps, follow these steps:
a. Select the Manage Directory check box.
b. If you want to limit the number of User Password Changes log files Cisco Secure ACS retains, select the Keep only the last X files option and type the number of files you want Cisco Secure ACS to retain in the X box.
c. If you want to limit how old User Password Changes log files retained by Cisco Secure ACS can be, select the Delete files older than X days option and type the number of days for which Cisco Secure ACS should retain a User Password Changes log file before deleting it.
Step8 Click Submit .
CiscoSecure ACS restarts its services and implements the settings you specified.
Cisco Secure ACS Backup
This section provides information about the CiscoSecure ACS Backup feature, including procedures for implementing this feature.
This section contains the following topics:
• About CiscoSecure ACS Backup
• Backup File Locations
• Directory Management
• Components Backed Up
• Reports of CiscoSecure ACS Backups
• Backup Options
• Performing a Manual CiscoSecure ACS Backup
• Scheduling CiscoSecure ACS Backups
• Disabling Scheduled CiscoSecure ACS Backups
About Cisco Secure ACS Backup
The ACS Backup feature backs up your CiscoSecure ACS system information to a file on the local hard drive. You can manually back up the CiscoSecure ACS system. You can also establish automated backups that occur at regular intervals or at selected days of the week and times. Maintaining backup files can minimize downtime if system information becomes corrupt or is misconfigured. We recommend copying the files to the hard drive on another system in case the hardware fails on the primary system.
For information about using a backup file to restore CiscoSecure ACS, see CiscoSecure ACS System Restore.
Backup File Locations
The default directory for backup files is the following:
drive:\path\CSAuth\SystemBackups
where drive is the local drive where you installed CiscoSecure ACS and path is the path from the root of drive to the CiscoSecure ACS directory. For example, if you installed CiscoSecure ACS version 3.0 in the default location, the default backup location would be
c:\Program Files\CiscoSecure ACS v3.0\CSAuth\System Backups.
The filename given to a backup is determined by CiscoSecure ACS. For more information about filenames assigned to backup files generated by CiscoSecure ACS, see Backup Filenames and Locations.
Directory Management
You can configure the number of backup files to keep and the number of days after which backup files are deleted. The more complex your configuration and the more often you back up the system, the more diligent we recommend you be about clearing out old databases from the CiscoSecure ACS hard drive.
Components Backed Up
The ACS System Backup feature backs up the CiscoSecure ACS user database and information from the Windows Registry that is relevant to CiscoSecure ACS. The user database backup includes all user information, such as username, password, and other authentication information, including server certificates and the certificate trust list. The Windows Registry information includes any system information that is stored in the Windows Registry, such as NDG information, AAA client configuration, and administrator accounts.
Reports of Cisco Secure ACS Backups
When a system backup takes place, whether it was manually generated or scheduled, the event is logged in the Administration Audit report and the ACS Backup and Restore report. You can view recent reports in the Reports and Activity section of CiscoSecure ACS.
For more information about CiscoSecure ACS reports, see "Overview"
Backup Options
The ACS System Backup Setup page contains the following configuration options:
•Manually —CiscoSecure ACS does not perform automatic backups. When this option is selected, you can only perform a backup by following the steps in Performing a Manual CiscoSecure ACS Backup.
•Every X minutes —CiscoSecure ACS performs automatic backups on a set frequency. The unit of measurement is minutes, with a default backup frequency of 60 minutes.
•At specific times... —CiscoSecure ACS performs automatic backups at the time specified in the day and hour graph. The minimum interval is one hour, and the backup takes place on the hour selected.
•Directory —The directory where CiscoSecure ACS writes the backup file. The directory must be specified by its full path on the Windows server that runs CiscoSecure ACS, such as c:\acs-bups.
•Manage Directory —Defines whether CiscoSecure ACS deletes older backup files. Using the following options, you can specify how CiscoSecure ACS determines which log files to delete:
–Keep only the last X files —CiscoSecure ACS retains the most recent backup files, up to the number of files specified. When the number of files specified is exceeded, CiscoSecure ACS deletes the oldest files.
–Delete files older than X days —CiscoSecure ACS deletes backup files that are older than the number of days specified. When a backup file grows older than the number of days specified, CiscoSecure ACS deletes it.
Performing a Manual Cisco Secure ACS Backup
You can back up CiscoSecure ACS whenever you want, without scheduling the backup.
To perform an immediate backup of CiscoSecure ACS, follow these steps:
Step1 In the navigation bar, click System Configuration .
Step2 Click ACS Backup .
The ACS System Backup Setup page appears.
Step3 In the Directory box under Backup Location, type the drive and path to the directory on a local hard drive where you want the backup file to be written.
Step4 Click Backup Now .
CiscoSecure ACS immediately begins a backup.
Scheduling Cisco Secure ACS Backups
You can schedule CiscoSecure ACS backups to occur at regular intervals or on selected days of the week and times.
To schedule the times at which CiscoSecure ACS performs a backup, follow these steps:
Step1 In the navigation bar, click System Configuration .
Step2 Click ACS Backup .
The ACS System Backup Setup page appears.
Step3 To schedule backups at regular intervals, under ACS Backup Scheduling, select the Every X minutes option and in the X box type the length of the interval at which CiscoSecure ACS should perform backups.
Note Because CiscoSecure ACS is momentarily shut down during backup, if the backup interval is too frequent, users might be unable to authenticate.
Step4 To schedule backups at specific times, follow these steps:
a. Under ACS Backup Scheduling, select the At specific times option.
b. In the day and hour graph, click the times at which you want Cisco Secure ACS to perform a backup.
Tip Clicking times of day on the graph selects those times; clicking again clears them. At any time you can click Clear All to clear all hours, or you can click Set All to select all hours.
Step5 To change the location where CiscoSecure ACS writes backup files, type the drive letter and path in the Directory box.
Step6 To manage which backup files CiscoSecure ACS keeps, follow these steps:
a. Select the Manage Directory check box.
b. To limit the number of backup files Cisco Secure ACS retains, select the Keep only the last X files option and type in the X box the number of files you want Cisco Secure ACS to retain.
c. To limit how old backup files retained by Cisco Secure ACS can be, select the Delete files older than X days option and type the number of days for which Cisco Secure ACS should retain a backup file before deleting it.
Step7 Click Submit .
CiscoSecure ACS implements the backup schedule you configured.
Disabling Scheduled Cisco Secure ACS Backups
You can disable scheduled CiscoSecure ACS backups without losing the schedule itself. This allows you to end scheduled backups and resume them later without having to re-create the schedule.
To disable a scheduled backup, follow these steps:
Step1 In the navigation bar, click System Configuration .
Step2 Click ACS Backup .
The ACS System Backup Setup page appears.
Step3 Under ACS Backup Scheduling, select the Manual option.
Step4 Click Submit .
CiscoSecure ACS does not continue any scheduled backups. You can still perform manual backups as needed.
Cisco Secure ACS System Restore
This section provides information about the CiscoSecure ACS System Restore feature, including procedures for restoring your CiscoSecure ACS from a backup file.
This section contains the following topics:
• About CiscoSecure ACS System Restore
• Backup Filenames and Locations
• Components Restored
• Reports of CiscoSecure ACS Restorations
• Restoring CiscoSecure ACS from a Backup File
About Cisco Secure ACS System Restore
The ACS System Restore feature enables you to restore your system configuration from backup files generated by the ACS Backup feature. This feature helps minimize downtime if CiscoSecure ACS system information becomes corrupted or is misconfigured.
The ACS System Restore feature only works with backup files generated by a CiscoSecure ACS running an identical CiscoSecure ACS version and patch level.
Backup Filenames and Locations
The ACS System Restore feature restores the CiscoSecure ACS user database and CiscoSecure ACS Windows Registry information from a file that was created by the ACS Backup feature. CiscoSecure ACS writes backup files only on the local hard drive. You can restore from any backup file you select. For example, you can restore from the latest backup file, or if you suspect that the latest backup was incorrect, you can select an earlier backup file to restore from.
The backup directory is selected when you schedule backups or perform a manual backup. The default directory for backup files is the following:
drive:\path\CSAuth\SystemBackups
where drive is the local drive where you installed CiscoSecure ACS and path is the path from the root of drive to the CiscoSecure ACS directory. For example, if you installed CiscoSecure ACS version 3.0 in the default location, the default backup location would be:
c:\Program Files\CiscoSecure ACS v3.0\CSAuth\System Backups
CiscoSecure ACS creates backup files using the date and time format:
dd-mmm-yyyy-nn-ss.dmp
where:
•dd is the date the backup started
•mmm is the month, abbreviated in alphabetic characters
•yyyy is the year
•hh is the hour, in 24-hour format
•nn is the minute
•ss is the second at which the backup started
For example, if CiscoSecure ACS started a backup on October 13, 1999, 11:41:35 a.m., CiscoSecure ACS would generate a backup file named:
13-Oct-1999 11-41-35.dmp
If you are not sure of the location of the latest backup file, check your scheduled backup configuration on the ACS Backup page.
Components Restored
You can select the components to restore: the user and group databases, the system configuration, or both.
Reports of Cisco Secure ACS Restorations
When a CiscoSecure ACS system restoration takes place, the event is logged in the Administration Audit report and the ACS Backup and Restore report. You can view recent reports in the Reports and Activity section of CiscoSecure ACS.
For more information about CiscoSecure ACS reports, see "Overview"
Restoring Cisco Secure ACS from a Backup File
You can perform a system restoration of CiscoSecure ACS whenever needed.
Note Using the CiscoSecure ACS System Restore feature restarts all CiscoSecure ACS services and logs out all administrators.
To restore CiscoSecure ACS from a backup file generated by the CiscoSecure ACS Backup feature, follow these steps:
Step1 In the navigation bar, click System Configuration .
Step2 Click ACS Restore .
The ACS System Restore Setup page appears.
The Directory box displays the drive and path to the backup directory most recently configured in the Directory box on the ACS Backup page.
Beneath the Directory box, CiscoSecure ACS displays the backup files in the current backup directory. If no backup files exist, <No Matching Files> appears in place of filenames.
Step3 To change the backup directory, type the new drive and path to the backup directory in the Directory box, and then click OK .
CiscoSecure ACS displays the backup files, if any, in the backup directory you specified.
Step4 In the list below the Directory box, select the backup file you want to use to restore CiscoSecure ACS.
Step5 To restore user and group database information, select the User and Group Database check box.
Step6 To restore system configuration information, select the CiscoSecure ACS System Configuration check box.
Step7 Click Restore Now .
CiscoSecure ACS displays a confirmation dialog box indicating that performing the restoration will restart CiscoSecure ACS services and log out all administrators.
Step8 To continue with the restoration, click OK .
CiscoSecure ACS restores the system components specified using the backup file you selected. The restoration should require several minutes to complete, depending on which components you selected to restore and the size of your database.
When the restoration is complete, you can log in again to CiscoSecure ACS.
Cisco Secure ACS Active Service Management
ACS Active Service Management is an application-specific service monitoring tool that is tightly integrated with ACS. The two features that compose ACS Active Service Management are described in this section.
This section contains the following topics:
• System Monitoring
• Event Logging
System Monitoring
CiscoSecure ACS system monitoring enables you to determine how often CiscoSecure ACS tests its authentication and accounting processes, and to determine what automated actions it takes should tests detect a failure of these processes. CiscoSecure ACS accomplishes system monitoring with the CSMon service. For more information about the CSMon service, see CSMon.
System Monitoring Options
You have the following options for configuring system monitoring:
•Test login process every X minutes —Controls whether or not CiscoSecure ACS tests its login process. The value in the X box defines, in minutes, how often CiscoSecure ACS tests its login process. The default frequency is once per minute, which is also the most frequent testing interval possible.
When this option is enabled, at the interval defined, CiscoSecure ACS tests authentication and accounting. If the test fails, after four unsuccessful re-tries CiscoSecure ACS performs the action identified in the If no successful authentications are recorded list and logs the event.
•If no successful authentications are recorded —Specifies what action CiscoSecure ACS takes if it detects that its test login process failed. This list contains several built-in actions and reflects actions that you define. The items beginning with asterisks (*) are predefined actions.
–*Restart All —Restart all CiscoSecure ACS services.
–*Restart RADIUS/TACACS+ —Restart only the RADIUS and TACACS+ services.
–*Reboot —Reboot CiscoSecure ACS.
–Custom actions —You can define other actions for CiscoSecure ACS to take upon failure of the login process. CiscoSecure ACS can execute a batch file or executable upon the failure of the login process. To make a batch or executable file available in the on failure list, place the file in the following directory:
drive:\path\CSMon\Scripts
where drive is the local drive where you installed Cisco Secure ACS and path is the path from the root of drive to the Cisco Secure ACS directory.
–Take No Action —Leave CiscoSecure ACS operating as is.
•Generate event when an attempt is made to log in to a disabled account —Specifies whether CiscoSecure ACS generates a log entry when a user attempts to log in to your network using a disabled account.
•Log all events to the NT Event log —Specifies whether CiscoSecure ACS generates a Windows event log entry for each exception event.
•Email notification of event —Specifies whether CiscoSecure ACS sends an e-mail notification for each event.
–To —The e-mail address that notification e-mail is sent to. For example, joeadmin@company.com.
–SMTP Mail Server —The simple mail transfer protocol (SMTP) server that CiscoSecure ACS should use to send notification e-mail. You can identify the SMTP server either by its hostname or by its IP address.
Setting Up System Monitoring
To setup CiscoSecure ACS System Monitoring, follow these steps:
Step1 In the navigation bar, click System Configuration .
Step2 Click ACS Service Management .
The ACS Active Service Management Setup page appears.
Step3 To have CiscoSecure ACS test the login process, follow these steps:
a. Select the Test login process every X minutes check box.
b. Type in the X box the number of minutes (up to 3 characters) that should pass between each login process test.
c. From the If no successful authentications are recorded list, select the action Cisco Secure ACS should take when the login test fails five successive times.
Step4 To have CiscoSecure ACS generate a Windows event when a user attempts to log in to your network using a disabled account, select the Generate event when an attempt is made to log in to a disabled account check box.
Step5 If you want to set up event logging, see Setting Up Event Logging.
Step6 If you are done setting up CiscoSecure ACS Service Management, click Submit .
CiscoSecure ACS implements the service management settings you made.
Event Logging
The Event Logging feature enables you to configure whether CiscoSecure ACS logs events to the Windows event log and whether CiscoSecure ACS generates an e-mail when an event occurs. CiscoSecure ACS uses the System Monitoring feature to detect the events to be logged. For more information about system monitoring, see System Monitoring Options.
Setting Up Event Logging
To view the Windows event log, select Start> Programs> Administrative Tools> Event Viewer . For more information about the Windows event log or Event Viewer, refer to your Microsoft Windows documentation.
To set up CiscoSecure ACS event logging, follow these steps:
Step1 In the navigation bar, click System Configuration .
Step2 Click ACS Service Management .
The ACS Active Service Management Setup page appears.
Step3 To have CiscoSecure ACS send all events to the Windows event log, select Log all events to the Windows Event log .
Step4 To have CiscoSecure ACS send an e-mail when an event occurs, follow these steps:
a. Select the Email notification of event check box.
b. In the To box, type the e-mail address (up to 200 characters) to which Cisco Secure ACS should send event notification e-mail.
Note Do not use underscores in the e-mail addresses you type in this box.
c. In the SMTP Mail Server box, type the hostname (up to 200 characters) of the sending e-mail server.
Note The SMTP mail server must be operational and must be available from the CiscoSecure ACS.
Step5 If you want to set up system monitoring, see Setting Up System Monitoring.
Step6 If you are done setting up CiscoSecure ACS Service Management, click Submit .
CiscoSecure ACS implements the service management settings you made.
VoIP Accounting Configuration
The VoIP Accounting Configuration feature enables you to specify which accounting logs receive VoIP accounting data. There are three options for VoIP accounting:
•Send to both RADIUS and VoIP Accounting Log Targets —CiscoSecure ACS appends VoIP accounting data to the RADIUS accounting data and logs it separately to a CSV file. To view the data, you can use either RADIUS Accounting or VoIP Accounting under Reports and Activity.
•Send only to VoIP Accounting Log Targets —CiscoSecure ACS only logs VoIP accounting data to a CSV file. To view the data, you can use VoIP Accounting under Reports and Activity.
•Send only to RADIUS Accounting Log Targets —CiscoSecure ACS only appends VoIP accounting data to the RADIUS accounting data. To view the data, you can use RADIUS Accounting under Reports and Activity.
Configuring VoIP Accounting
Note The VoIP Accounting Configuration feature does not enable VoIP accounting. To enable VoIP accounting, see "Overview"
To configure VoIP accounting, follow these steps:
Step1 In the navigation bar, click System Configuration .
Step2 Click VoIP Accounting Configuration .
Note If this feature does not appear, click Interface Configuration , click Advanced Options , and then select the Voice-over-IP (VoIP) Accounting Configuration check box.
The VoIP Accounting Configuration page appears. The Voice-over-IP (VoIP) Accounting Configuration table displays the options for VoIP accounting.
Step3 Select the VoIP accounting option you want.
Step4 Click Submit .
CiscoSecure ACS implements the VoIP accounting configuration you specified.
