MARS 6.0.5 with ACS SE 4.2.1 both as an AAA authentication server and as a reporting device

Answered Question
Dec 22nd, 2009

Hi all,

I want to use the ACS SE to authenticate MARS users. As per the User Guide: Admin -> System Setup -> Authentication Configuration -> AAA Server Configuration -> Add. I only have two options: "Add AAA server on new host" and "Add AAA server on existing host". There is no "Add AAA server on an ACS SE appliance" option. Ok, so I add an AAA server on a new host, using the IP address of the ACS SE as the access/reporting/interface IP. I add the "Generic AAA Server" application to the host, I add the AAA server as the primary AAA server in the "Authentication Method", I configure the MARS as a RADIUS client on the ACS SE, and everything works as expected. MARS users authenticate without any issues.

The problem is that I want to use the ACS SE as a reporting device, also.

I cannot add it as an "ACS SE 4.x" device, because the reporting IP is already in use by the AAA host created earlier.


Another approach is to install the ACS SE Remote Agent on a computer, but I'm not sure how it works. Let me know if this is correct:

- on the ACS SE, I don't configure syslog logging to the MARS appliance. Instead, I add the remote agent in the Network Configuration, and I configure remote logging to the remote agent

- on the MARS appliance, I add the remote agent as an "ACS SE 4.x" device.

- but then, how do I configure the remote agent to send syslog to the MARS?

Does this sound right?

Another unrelated question: is there a way to use the SNMP agent inside CS ACS from MARS? There is no place to configure an SNMP community string, either under host configuration or under ACS SE 4.x configuration.

Any help appreciated. Thanks!

angeldustine Mon, 03/22/2010 - 01:02

Hi all,

Just to revive this thread a bit.

One question:

To use the ACS SE as a reporting device, do we need to use the ACS SE Remote Agent, or can we send the logs directly to the MARS? I am very confused as to what the role of the logging component of the Remote Agent is.

Thank you!

Correct Answer
Jennifer Halim Mon, 03/22/2010 - 01:22

You don't need to configure Remote Agent for logging from ACS SE to MARS. Remote Agent functionality is to send syslog messages to a Windows host because ACS SE is an appliance which can't hold too many logs as they grow. Remote Agent logging is also only supported on ACS SE.

You can log syslog messages directly from ACS SE to MARS as follows:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgAaaSv.html#wp914601

This is the configuration on ACS SE:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgAaaSv.html#wp914172

SNMP is not supported for ACS SE:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/compatibility/local_controller/dtlc60x.html#wp75381

Here is a little reading on Remote Agent for ACS SE:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawo.html

Hope the above helps.

angeldustine Tue, 03/23/2010 - 06:29

Hi and thanks a lot. Great reply!

Ok, so now I know, I will configure my ACS SE to send syslogs to the MARS.

Do you know if, in this configuration, I am still able to use the ACS SE as an AAA authentication server for the MARS users?

It's not really required, but it would be a very nice addition. The problem I've encountered so far is that the MARS would not allow me to add the same IP as a reporting device and as an authentication server. Do you have any better idea on how to do this?

Thank you very much!

Jennifer Halim Wed, 03/24/2010 - 04:15

If you edit your existing ACS device, you should be able to go to the second tab "Reporting Applications" and add "Cisco Secure ACS 4.x" as the device type.

angeldustine Wed, 03/24/2010 - 07:20

It seems that the whole problem (in the topic title) is not actually a problem.

First add the ACS SE 4.x reporting device, then configure AAA authentication (add AAA server host as directed).

You WILL get a warning that the IP already exists, but it's just a warning; it will accept this configuration.

YAY! Finally!

Thanks again!

Posted December 22, 2009 at 5:31 AM