CiscoSecure ACS 2.4 for Windows NT User Guide
About This User Guide

Table of Contents

About This User Guide

About This User Guide

This section discusses the objectives, audience, and organization of the CiscoSecure ACS 2.4 for Windows NT Server User Guide.

Document Objectives

The objective of this document is to help you configure and use the CiscoSecure Access Control Server (CiscoSecure ACS) 2.4 software and its features and utilities.


This publication was written for system administrators who are using the CiscoSecure ACS software and are responsible for setting up and maintaining accounts and dial-in network security.

Document Organization and Conventions

Table 1: Document Organization
Chapter Title Topics Covered

About This User Guide

The audience, organization, and conventions of this book

Overview of CiscoSecure ACS 2.4 for Windows NT Server

An overview of CiscoSecure ACS and its features, network diagrams, and system requirements

CiscoSecure ACS Architecture

An overview of the CiscoSecure ACS architecture

User Databases

How to configure CiscoSecure ACS for use with the various user databases

Sophisticated Handling of Unknown Users

How CiscoSecure ACS handles unknown users

Interface Design

How the web-based HTML interface is designed and functions

Distributed Systems

Information about CiscoSecure ACS distributed systems, including fallback on rejection, centralized and remote logging, and authentication forwarding

Database Information Management

Information about CiscoSecure ACS database replication and remote database management system (RDBMS) synchronization


Information about the logging and reporting features of CiscoSecure ACS

Step-by-Step Configuration for CiscoSecure ACS

Instructions for configuring CiscoSecure ACS using the HTML user interface (HTML interface)

Sample Configurations

Sample configurations for CiscoSecure ACS

Troubleshooting Information for CiscoSecure ACS

How to identify and solve any problems you might have with CiscoSecure ACS

System Messages

A list and explanation of system messages you might encounter

TACACS+ Attribute-Value Pairs

A list of supported TACACS+ AV pairs and accounting AV pairs

RADIUS Attribute-Value Pairs

A list of supported RADIUS AV pairs and accounting AV pairs

CiscoSecure ACS Command-Line Database Utility

Instructions for using the database import utility, CSUtil, to import an ODBC database, and back up, maintain, or restore the CiscoSecure ACS database

CiscoSecure ACS and Virtual Private Dial-up Networks

An introduction to Virtual Private Dial-up Networks (VPDN), including stripping and tunneling, with instructions for enabling VPDN on CiscoSecure ACS.

Table 2: Document Conventions
Convention Description

boldface font

Commands and keywords.

italic font

Command input that is supplied by you.

[     ]

Keywords or arguments that appear within square brackets are optional.

{ x | x | x }

A choice of keywords (represented by x) appears in braces separated by vertical bars. You must select one.

^ or Ctrl

Represent the key labeled Control. For example, when you read ^D or Ctrl-D, you should hold down the Control key while you press the D key.

screen font

Examples of information displayed on the screen.

boldface screen font

Examples of information that you must enter.

<     >

Nonprinting characters, such as passwords, appear in angled brackets.

[     ]

Default responses to system prompts appear in square brackets.


Means reader take note. Notes contain helpful suggestions or references to additional information and material.


This symbol means the described action saves time. You can save time by performing the action described in the paragraph.


This symbol means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

For More Information

You will need the documentation for your network access server (NAS). You might also want to consult Cisco Systems' Internetworking Terms and Acronyms publication.

Your CiscoSecure ACS also includes three quick reference cards to help you quickly install the software.

You should also read the README.TXT file and any release notes for additional important information.

Cisco Connection Online

Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.

Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.

CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.

You can access CCO in the following ways:

For a copy of CCO's Frequently Asked Questions (FAQ), contact For additional information, contact

Note If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or

Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at,, or

If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.