Cisco Access Registrar 4.2 Installation And Configuration Manual

Cisco systems network device installation and configuration guide

Installing and Configuring Cisco Access Registrar, 4.2
November 2008
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-17221-02

Summary of Contents for Cisco Access Registrar 4.2

  • Page 1: Installing And Configuring Cisco Access Registrar

    Installing and Configuring Cisco Access Registrar, 4.2 November 2008 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-17221-02...
  • Page 3: Table Of Contents

    Downloading Cisco Access Registrar Software; Cisco Access Registrar 4.2 Licensing; License Slabs; Getting Cisco Access Registrar 4.2 License; Installing Cisco Access Registrar 4.2 Licenses; Adding Additional Cisco Access Registrar 4.2 Licenses; Sample License File; Displaying License Information; aregcmd Command-Line Option; Launching aregcmd...
  • Page 4 Chapter 2: Installing Cisco Access Registrar 4.2; Installing the Cisco Access Registrar 4.2 License File; Installing Cisco Access Registrar 4.2 Software on Solaris; Deciding Where to Install; Installing Cisco Access Registrar Software from CD-ROM...
  • Page 5 Backup Copy of Original Configuration; Removing Old VSA Names; VSA Update Script; Configuring SNMP; Configuring SNMP; Restarting Replication; Chapter 4: Configuring Cisco Access Registrar 4.2; Using aregcmd; General Command Syntax; aregcmd Commands; Configuring a Basic Site; Running aregcmd; Changing the Administrator’s Password...
  • Page 6 Enabling SNMP in the Cisco Access Registrar Server; Stopping the Master Agent; Modifying the snmpd.conf File; Access Control; Trap Recipient; System Contact Information; Restarting the Master Agent; Configuring Dynamic DNS; Testing Dynamic DNS with radclient; Chapter 5: Customizing Your Configuration; Configuring Groups; Configuring Specific Groups; Creating and Setting Group Membership...
  • Page 7 Configuring Services; Creating the Services; Configuring the Script; Choosing the Scripting Point; Configuring Session Management; Configuring a Resource Manager; Creating a Resource Manager; Configuring a Session Manager; Creating a Session Manager; Enabling Session Management; Configuring Session Management; Index...
  • Page 9: About This Guide

    This guide contains the following chapters: Chapter 1, “Overview,” • about downloading Cisco Access Registrar 4.1 software, and information about Cisco AR licensing. Chapter 2, “Installing Cisco Access Registrar 4.2,” • using CD-ROM or downloaded software. Chapter 3, “Upgrading Cisco Access Registrar Software,”...
  • Page 10: Documentation Feedback

    Cisco.com. You can submit comments about Cisco documentation by using the response card (if present) behind the front cover of your document or by writing to the following address: Cisco Systems Attn: Customer Document Ordering 170 West Tasman Drive San Jose, CA 95134-9883 We appreciate your comments.
  • Page 11: Obtaining Technical Assistance

    In an emergency, you can also reach PSIRT by telephone: • 1 877 228-7302 • 1 408 525-6532 We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.
  • Page 12: Submitting A Service Request

    output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call. Submitting a Service Request Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions.
  • Page 13: Obtaining Additional Publications And Information

    You can access Packet magazine at this URL: http://www.cisco.com/packet • iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services.
  • Page 14 World-class networking training is available from Cisco. You can view current offerings at this URL: http://www.cisco.com/en/US/learning/index.html
  • Page 15: Chapter 1 Overview

    Before you install the CAR 4.2 software, you must copy a license file to the workstation where you will install the software. You will receive the license file as an e-mail attachment. “Cisco Access Registrar 4.2 Licensing” section on page 1-4 licensing mechanism in Cisco AR.
  • Page 16: Installation Location

    Cisco AR workstation before you begin the software installation. You can copy the license file to /tmp or another directory you might prefer. The installation process will copy the license file from the location you provide to /opt/CSCOar/license. “Cisco Access Registrar 4.2 Licensing” section on page 1-4 Cisco AR license file requirements. Java 2 Runtime Environment The installation dialog asks for the location of the Java 2 Runtime Environment (J2RE).
  • Page 17: Example Configuration

    The installation dialog asks if you want to install the example configuration. You can use the example configuration to learn about Cisco AR and to refer to the examples that appear later in this document. You can delete the example configuration at any time by running the command: /opt/CSCOar/bin/aregcmd -f /opt/CSCOar/examples/cli/delete-example-configuration.rc Base Directory...
  • Page 18: Cisco Access Registrar 4.2 Licensing

    Systems Operating System and application software licenses and downloads are governed by Cisco Systems' applicable End User License Agreement/Software License Agreement. By clicking Agree you further agree to abide by the terms and conditions set forth in Cisco Systems' End User License agreement/Software License Agreement and your service agreement.
  • Page 19: License Slabs

    AR-4.2-UP-3.X-K9= AR-4.2-UP-4.X-K9= Getting Cisco Access Registrar 4.2 License When you order the CAR 4.2 product, a text license file will be sent to you in e-mail. If you are evaluating the software, Cisco will provide you with an evaluation license.
  • Page 20: Installing Cisco Access Registrar 4.2 Licenses

    Cisco AR license file, you can copy and paste the text into a file, or you can simply save the file you receive in e-mail to an accessible directory. Adding Additional Cisco Access Registrar 4.2 Licenses If you add additional licenses, you can open the file in /opt/CSCOar/license and add additional lines to the license file, or you can create an additional license file to hold the new lines.
  • Page 21: Displaying License Information

    Following are the licensed components: Launching aregcmd The Cisco AR server displays license information when you launch aregcmd, as shown in the following: aregcmd Cisco Access Registrar 4.2.1 Configuration Utility Copyright (C) 1995-2008 by Cisco Systems, Inc. Logging in to localhost [ //localhost ] LicenseInfo = AR-Base-100TPS 4.2 (expires on 30-Nov-2008)
  • Page 23: Installing Cisco Access Registrar 4.2

    Note system using kernel 2.6.9-22.0.2.EL or later, and Glibc version: glibc-2.3.4-2.13 or later. This chapter contains the following sections: Installing the Cisco Access Registrar 4.2 License File, page 2-1 • Installing Cisco Access Registrar 4.2 Software on Solaris, page 2-2 •...
  • Page 24: Installing Cisco Access Registrar 4.2 Software On Solaris

    This section describes the software installation process when installing Cisco AR software on a Solaris workstation for the first time.
  • Page 25: Deciding Where To Install

    Step 1 Log in to the Cisco AR workstation as a root user. Step 2 Change directory to the location where you have stored the uncompressed tarfile. cd /tmp...
  • Page 26: Common Solaris Installation Steps

    Step 3 Use the following command line to uncompress the tarfile and extract the installation package files. zcat CSCOar-4.2.1-sol9-K9.tar.gz | tar xvf - Note: These instructions are for the Solaris 9 package. There is no difference in download or installation procedures for Solaris 9 or Solaris 10 other than the package name.
  • Page 27 ## Checking for setuid/setgid programs. The following files are being installed with setuid and/or setgid permissions: /opt/CSCOar/.system/screen <setuid root> /opt/CSCOar/bin/aregcmd <setgid staff> /opt/CSCOar/bin/radclient <setgid staff> [?,q] /nfs/insbu-cnstools/java...
  • Page 28 Step 14 Enter Y to continue with the software installation. No further interaction is required; the installation process should complete successfully and the arservagt is automatically started. Installing Cisco Access Registrar 4.2.1 [SunOS-5.9, official] as <CSCOar> ## Installing part 1 of 1. /opt/CSCOar/.system/add-example-config /opt/CSCOar/.system/run-ar-scripts /opt/CSCOar/.system/screen...
  • Page 29: Configuring Snmp

    Note: For information about configuring CAR on LDoms, see the White Paper under CAR Collateral at http://wwwin-nmbu.cisco.com/fieldportal/products/car/summary.cfm?Prod=car&tsession. Installing Cisco Access Registrar 4.2 Software on Linux This section describes the software installation process when installing Cisco AR software on a Linux workstation for the first time. This section includes the following subsections: •...
  • Page 30: Deciding Where To Install

    Before you begin the software installation, you should decide where you want to install the new software. The default installation directory for CAR 4.2 software is /opt/CSCOar. You can use the default installation directory, or you can choose to install the Cisco AR software in a different directory.
  • Page 31 Do you want to install the example configuration now? [n]: [y,n,?,q] y Relocations: /opt/CSCOar Vendor: Cisco Systems, Inc. Build Date: Mon Nov 03 23:55:51 2008 Build Host: spencer.cnslab.cisco.com...
  • Page 32: Configuring Snmp

    Step 7 When prompted whether to install the example configuration now, enter Y or N to continue. Note: You can delete the example configuration at any time by running the command /opt/CSCOar/usrbin/aregcmd -f /opt/CSCOar/examples/cli/delete-example-configuration.rc....
  • Page 33: Upgrading Cisco Access Registrar Software

    CAR 4.2 supports software upgrades from your previously installed Cisco AR software while preserving your existing configuration database. Cisco AR supports an upgrade path for both the Solaris and Linux versions of Cisco AR software. Configuration for Prepaid billing servers in Cisco AR 3.0 will no longer work in CAR 4.2.
  • Page 34: Chapter 3 Upgrading Cisco Access Registrar Software

    Step 8 Use the pkgadd command to install the CAR 4.2 software. For detailed information about using the pkgadd command to install Cisco AR software, see “Installing Cisco Access Registrar 4.2 Software on Solaris.” Since you are upgrading, you will want to preserve your existing database. Note If you configured Cisco AR to use SNMP prior to upgrading, after installing CAR 4.2 software, you must...
  • Page 35: Software Upgrade Tasks

    Step 2 If you have modified the snmpd.conf file in the /cisco-ar/ucd-snmp/share/snmp directory, you must back up this file before doing the upgrade process. The pkgrm removes the snmpd.conf file, even if it has been modified.
  • Page 36: Using Pkgrm To Remove Cisco Access Registrar Solaris Software

    [ //localhost/Radius/Replication ] RepType = None RepTransactionSyncInterval = 60000 RepTransactionArchiveLimit = 100 RepIPAddress = 0.0.0.0 RepPort = 1645 RepSecret = NotSet RepIsMaster = FALSE RepMasterIPAddress = 0.0.0.0 RepMasterPort = 1645 Rep Members/ Make sure that RepType is set to None. Step 3 If you made changes, issue the save command, then exit the aregcmd command interface.
  • Page 37: Removing The Cscoar Package

    2973: terminated 2971: terminated, wait status 0x000f 2965: terminated Access Registrar Server Agent shutdown complete. # removing /etc/rc.d files # done with preremove. ## Removing pathnames in class <snmp> /opt/AICar1/ucd-snmp/share/snmp/snmpd.conf . <several hundred lines deleted> /opt/AICar1/bin/screen /opt/AICar1/bin /opt/AICar1/README...
  • Page 38: Using Uninstall-Ar To Remove Linux Software

    Access Registrar Server Agent shutdown complete. # removing /etc/rc.d files # done with preremove. ## Removing pathnames in class <snmp> /opt/CSCOar/ucd-snmp/share/snmp/snmpd.conf /opt/CSCOar/ucd-snmp/share/snmp/snmpconf-data/snmptrapd-data/traphandle . <several hundred lines deleted> /opt/CSCOar/README /opt/CSCOar/.system/screen /opt/CSCOar/.system ## Removing pathnames in class <none> ## Updating system information. Removal of <CSCOar>...
  • Page 39: Installing The Cisco Access Registrar License File

    4 processes left.3 processes left...2 processes left...k0 processes left.0 processes left Access Registrar Server Agent shutdown complete. Installing the Cisco Access Registrar License File CAR 4.2 uses a new licensing mechanism that enables you to activate all features in Cisco AR. During system initialization, the Cisco AR server sets up the licensing data model and activates all features.
  • Page 40: Installing Cisco Access Registrar Software From Cd-Rom

    This section describes the installation process immediately after you have issued the pkgadd command installing from CD-ROM or from downloaded software. Processing package instance <CSCOar> from </tmp> Cisco Access Registrar 4.2.1 [SunOS-5.9, official]...
  • Page 41 (sparc) 4.2.1 Copyright (C) 1998-2008 by Cisco Systems, Inc. This program contains proprietary and confidential information. All rights reserved except as may be permitted by prior written consent. This package contains the Access Registrar Server and the Access Registrar Configuration Utility.
  • Page 42 No further interaction is required; the installation process should complete successfully and the arservagt is automatically started. Installing Cisco Access Registrar 4.2.1 [SunOS-5.9, official] as <CSCOar> ## Installing part 1 of 1. /opt/CSCOar/.system/add-example-config /opt/CSCOar/.system/run-ar-scripts /opt/CSCOar/.system/screen...
  • Page 43: Configuring Snmp

    inflating: /opt/CSCOar/jakarta-tomcat-4.0.6/webapps/tomcat-docs/RUNNING.txt inflating: /opt/CSCOar/jakarta-tomcat-4.0.6/webapps/tomcat-docs/security-manager-howto.html inflating: /opt/CSCOar/jakarta-tomcat-4.0.6/webapps/tomcat-docs/ssl-howto.html creating: /opt/CSCOar/jakarta-tomcat-4.0.6/work/ # setting up product configuration file /opt/CSCOar/conf/car.conf # linking /etc/init.d/arserver to /etc/rc.d files # setting ORACLE_HOME and JAVA_HOME variables in arserver # removing old session information # flushing old replication archive # creating initial configuration database Rollforward recovery using "/opt/CSCOar/data/db/vista.tjf"...
  • Page 44: Removing Old Vsa Names

    ############################################################### A backup copy of your original configuration has been saved to the file: /opt/CSCOar/temp/10062.origconfig-backup If you need to restore the original configuration, enter the following command: mcdadmin -coi /opt/CSCOar/temp/10062.origconfig-backup ############################################################### Removing Old VSA Names The upgrade process provides an analysis of the configuration database, addition of new database elements, and a search for obsolete VSA names.
  • Page 45: Upgrading Cisco Access Registrar Linux Software

    to perform the update. The script is located in: /opt/CSCOar/temp/10062.manual-changes Review the script to make sure it does not conflict with any of your VSA changes. Make sure you modify the script, if necessary, before you attempt to run it. To run the update script, type: aregcmd -sf /opt/CSCOar/temp/10062.manual-changes ##############################################################...
  • Page 46: Installing Cisco Access Registrar Software From Cd-Rom

    cd /opt/CSCOar/bin arserver stop Waiting for these processes to die (this may take some time): AR RADIUS server running AR Server Agent running AR MCD lock manager running AR MCD server running AR GUI running 5 processes left.2 processes left.0 processes left Access Registrar Server Agent shutdown complete.
  • Page 47: Common Linux Installation Steps

    Summary : Access Registrar, a carrier-class RADIUS server build_tag: [Linux-2.6.20, official] Copyright (C) 1998-2008 by Cisco Systems, Inc. This program contains proprietary and confidential information. All rights reserved except as may be permitted by prior written consent. This package contains the Access Registrar Server and the Access Registrar Configuration Utility.
  • Page 48 Step 5 Enter the directory where you have stored the CAR 4.2 license file. Access Registrar provides a Web GUI. It requires J2RE version 1.4.* to be installed on the server. If you already have a compatible version of J2RE installed, please enter the directory where it is installed.
  • Page 49: Backup Copy Of Original Configuration

    inflating: /opt/CSCOar/jakarta-tomcat-4.0.6/webapps/tomcat-docs/security-manager-howto.html inflating: /opt/CSCOar/jakarta-tomcat-4.0.6/webapps/tomcat-docs/ssl-howto.html creating: /opt/CSCOar/jakarta-tomcat-4.0.6/work/ Preparing... 1:CSCOar relink arserver # flushing old replication archive # creating initial configuration database Rollforward recovery using "/opt/CSCOar/data/db/vista.tjf" started Thu Nov 06 11:51:29 2008 Rollforward recovery using "/opt/CSCOar/data/db/vista.tjf" finished Thu Nov 06 11:51:29 2008 # add-example-config y JAVA ROOT /nfs/insbu-cnstools/java-linux...
  • Page 50: Vsa Update Script

    Removing Old VSA Names The upgrade process provides an analysis of the configuration database, addition of new database elements, and a search for obsolete VSA names. When this is complete, a message like the following is displayed: ############################################################## Sometimes VSAs get renamed from version to version of AR.
  • Page 51: Configuring Snmp

    Step 11 Record the location of the upgrade messages for future reference. ############################################################## These upgrade messages are saved in: /opt/CSCOar/temp/10062.upgrade-log ############################################################## Configuring SNMP If you choose not to use the SNMP features of CAR, the installation process is completed. To use SNMP features, complete the configuration procedure described in Configuring SNMP...
  • Page 53: Configuring Cisco Access Registrar 4.2

    This chapter describes how to configure a site. Cisco Access Registrar 4.1 is very flexible. You can choose to configure it in many different ways. In addition, you can write scripts that can be invoked at different points during the processing of incoming requests and/or outgoing responses.
  • Page 54: Installing And Configuring Cisco Access Registrar,

    Save your changes and reload your Cisco AR RADIUS server. Running aregcmd aregcmd is the command-line interface program used to configure the Cisco AR server. The aregcmd program is located in $INSTALL/usrbin.
  • Page 55: Changing The Administrator's Password

    Step 1 Run the aregcmd command: aregcmd Step 2 When asked for “Cluster,” press Enter. Step 3 Enter your administrator name and password. When you install CAR software, the installation process creates a default administrator called admin with the password aicuser.
  • Page 56: Creating Additional Administrators

    DefaultSessionManager~ = session-mgr-1 UserLists/ UserGroups/ Policies/ Clients/ Vendors/ Scripts/ Services/ SessionManagers/ ResourceManagers/ Profiles/ Rules/ Translations/ TranslationGroups/ RemoteServers/ Advanced/ Replication/ , description , and password jane testadmin...
  • Page 57: Checking The System-Level Defaults

    Because this site does not use incoming or outgoing scripts, you do not need to change the scripts’ properties (IncomingScript and OutgoingScript). Since the default authentication and authorization properties specify a single user list, you can leave these unchanged as well (DefaultAuthenticationService and DefaultAuthorizationService).
  • Page 58: Displaying The Userlists

    Service. If the Service has its type set to local, the Service looks up the user’s entry in the specific UserList, and authenticates and/or authorizes the user.
  • Page 59: Displaying The Default Userlist

    Cisco AR, by default, specifies a Service called local-users that has the type local and uses the Default UserList (Figure Figure 4-1 Choosing Appropriate Services Displaying the Default UserList Use the cd command to change to UserLists/Default:...
  • Page 60: Deleting Users

    Cisco AR has three default UserGroups: • Default—uses the script AuthorizeService to determine the type of service to provide the user. 4-9. from the Default UserList, enter: beth...
  • Page 61: Configuring Clients

    • PPP-users—uses the BaseProfile default-PPP-users to specify the attributes of PPP service to provide the user. The BaseProfile default-PPP-users contains the attributes that are added to the response dictionary as part of the authorization. For more information about Profiles, see the “Configuring Profiles”...
  • Page 62: Configuring Profiles

    Use the cd command to change to the appropriate profile and attribute. cd /Radius/Profiles/Default-PPP-users/Attributes Step 2 Use the set command to assign a value to the named attribute. set Service-Type Framed...
  • Page 63: Adding Multiple Cisco Av Pairs

    When you need to set an attribute to a value that includes a space, you must double-quote the value, as in the following: set Framed-Routing "192.168.1.0/24 192.168.1.1" Adding Multiple Cisco AV Pairs When you want to add multiple values to the same attribute in a profile, use the following command syntax: set <attribute>...
  • Page 64: Testing Your Configuration

    Step 2 The radclient command prompts you for the administrator’s username and password (as defined in the Cisco AR configuration). Use admin for the admin name, and aicuser for the password. Cisco Access Registrar 4.2.1 RADIUS Test Client Copyright (C) 1995-2008 by Cisco Systems, Inc. Logging in to localhost... done.
  • Page 65: Troubleshooting Your Configuration

    p001 send p002 Step 6 Enter the response identifier to display the contents of the Access-Accept packet: p002 Packet: code = Access-Accept, id = 1,\ length = 38, attributes = Login-IP-Host = 196.168.1.94...
  • Page 66: Configuring Snmp

    InputQueueLowThreshold = 60 MasterAgentEnabled = TRUE set Enabled TRUE Stopping the Master Agent You stop the Cisco AR SNMP master agent by stopping the CAR server.
  • Page 67: Modifying The Snmpd.conf File

    /opt/CSCOar/bin/arserver stop Modifying the snmpd.conf File The path to the snmpd.conf file is /cisco-ar/ucd-snmp/share/snmp. Use vi (or another text editor) to edit the snmpd.conf file. There are three parts of this file to modify: Access Control •...
  • Page 68: Trap Recipient

    Cisco AR supports the Dynamic DNS protocol providing the ability to update DNS servers. The dynamic DNS updates contain the hostname/IP Address mapping for sessions managed by Cisco AR. hostname community port hostname community port...
  • Page 69 You enable dynamic DNS updates by creating and configuring new Resource Managers and new RemoteServers, both of type dynamic-dns. The dynamic-dns Resource Managers specify which zones to use for the forward and reverse zones and which Remote Servers to use for those zones. The dynamic-dns Remote Servers specify how to access the DNS Servers.
  • Page 70: Testing Dynamic Dns With Radclient

    Manager. You can use radclient to confirm that dynamic DNS has been properly configured and is operational. To test Dynamic DNS using radclient, follow these steps:
  • Page 71 Step 1 Launch aregcmd and log in to the Cisco AR server. cd /opt/CSCOar/bin aregcmd Step 2 Use the trace command to set the trace to level 4. trace 4 Step 3 Launch radclient.
  • Page 73: Chapter 5 Customizing Your Configuration

    The following sections describe the process in more detail. Chapter 4, “Cisco Access Registrar Server Objects,” of the Cisco Access Registrar 4.2...
  • Page 74: Creating And Setting Group Membership

    Table 5-1 Configuring UserGroups Object UserGroups UserLists Creating and Setting Group Membership Step 1 Run the aregcmd command: aregcmd Step 2 Use the cd command to change to the UserGroups object. cd /Radius/UserGroups Step 3 Use the add command to create a user group, specifying the name and optional description, BaseProfile, AuthenticationScript, or AuthorizationScript.
  • Page 75: Configuring A Default Group

    If you allow users to request different Services based on how they specify their username, you can use a script to determine the type of Service to provide. For example, the user joe can request either PPP or Telnet Service by either logging in as This works because there are two scripts: ParseServiceHints and AuthorizeService.
  • Page 76: Configuring Multiple Userlists

    Step 6 Use the set command to set the user’s group membership to the name of that group. The following example sets beth set Group Default Step 7 Use the save command to save your changes: save Step 8 Use the reload command to reload the server: reload...
  • Page 77: Configuring Separate Userlists

    Table 5-3 Configuring Separate UserLists Object UserLists Users Services Radius Scripts Configuring Separate UserLists Divide your site along organizational or company lines, and create a UserList for each unit. Creating Separate UserLists Step 1 Run the aregcmd command. aregcmd Use the cd command to change to UserLists.
  • Page 78: Configuring Services

    add beth telemarketing 123 TRUE PPP-users Step 3 Repeat for the other users you want to add. You can use the script, add-100-users, which is located in the /opt/CSCOar/examples/cli directory to automatically add 100 users. Configuring Services You must create a corresponding Service for each UserList.
  • Page 79: Client Scripting

    In this situation, when the word North Authorization-Service. Note, the script overrides any existing default authentication and/or authorization specifications. Note: For more information about writing scripts and the role the dictionaries play in Cisco AR, see the Cisco Access Registrar User Guide.
  • Page 80: Handling Multiple Scripts

    Step 3 Use the cd command to change to Scripts. cd /Radius/Scripts Step 4 Use the add command to add the new script, specifying the name, description, language, filename and an optional entry point. If you do not specify an entry point, Cisco AR uses the script’s name. The following example specifies the name Extension), the filename add ParseUserName "" Rex libParseUserName.so ParseUserName...
  • Page 81: Configuring The Remote Server

    Note: Although these services differ in the way they handle authentication and authorization, the procedure for configuring a remote server is the same independent of its type. For more information about the differences between these servers, see the Cisco Access Registrar User Guide.
  • Page 82: Configuring Services

    Step 5: Use the set command to specify the protocol
        set protocol ldap
    Step 6: Use the set command to specify the required LDAP properties. At the very least you must specify:
        • IPAddress—the IP address of the LDAP server (for example, •...
  • Page 83: Creating Services

    Creating Services
    Step 1: Run the aregcmd command:
        aregcmd
    Step 2: Use the cd command to change to the Services level:
        cd /Radius/Services
    Step 3: Use the add command to add the appropriate LDAP service. The following example adds the service: remote-ldap...
  • Page 84: Changing The Authentication And Authorization Defaults

    To have Cisco AR perform authentication and authorization against information from the LDAP server, you must change the DefaultAuthenticationService and DefaultAuthorizationService at the Radius level.
    Changing the Authentication and Authorization Defaults
    Step 1: Run the aregcmd command:
        aregcmd
    Use the cd command to change to the Radius level:...
  • Page 85: Configuring Two Remote Servers

    Figure 5-2 Using a Script to Choose a Remote Server
    Table 5-5 provides an overview of the process. The following sections describe the process in more detail. Repeat for each RemoteServer you want to configure.
    Table 5-5 Configuring Multiple Remote Servers
    Object...
  • Page 86: Configuring Services

    Step 4: Use the cd command to change to the North RemoteServers level:
        cd /Radius/RemoteServers/North
    Step 5: Use the set command to specify the protocol
        set protocol radius
    Step 6: Use the set command to specify the
        set SharedSecret 789
    Repeat these steps for the other remote servers.
  • Page 87: Configuring The Script

    Step 7: Create another Service (SouthUsers-radius) for the South remote server.
    Configuring the Script
    When you have multiple RemoteServers, you need a script that determines the authentication and/or authorization Service, which in turn specifies the RemoteServer to check when a user makes an Access-Request.
  • Page 88: Configuring Session Management

    Configuring Session Management
    You can use session management to track user sessions, and/or allocate dynamic resources to users for the lifetime of their sessions. You can define one or more Session Managers, and have each one manage the sessions for a particular group or company.
  • Page 89: Configuring A Session Manager

    Step 1: Run the aregcmd command:
        aregcmd
    Step 2: Use the cd command to change to the ResourceManagers level:
        cd /Radius/ResourceManagers
    Step 3: Use the add command to add a new ResourceManager. The following example adds the ResourceManager rm-100:
        add rm-100...
  • Page 90: Enabling Session Management

    Step 5: Use the set command to specify the ResourceManagers you want tracked per user session. Specify a number and the name of the ResourceManager. Note, you can list the ResourceManager objects in any order.
        set 1 rm-100
    Enabling Session Management
    Cisco AR, by default, comes configured with the sample SessionManagement session-mgr-1.
