Checking The System-Level Defaults; Checking The Server's Health; Selecting Ports To Use - Cisco Access Registrar 4.2 Installation And Configuration Manual

Chapter 4 Configuring Cisco Access Registrar 4.2

Checking the System-Level Defaults

Because this site does not use incoming or outgoing scripts, you do not need to change the scripts'
properties (IncomingScript and OutgoingScript).
Since the default authentication and authorization properties specify a single user list, you can leave
these unchanged as well (DefaultAuthenticationService and DefaultAuthorizationService). And because
you have decided to use a file for accounting information, you can leave this property unchanged
(DefaultAccountingService).
Session management, however, is on by default (DefaultSessionManager). As you do not want to use
session management, you must disable it. Use the set command, enter DefaultSessionManager, then
specify an empty string by entering a set of double quotes:
When you do not want Cisco AR to monitor resources for user sessions, you should disable
Note
session management because using it affects your RADIUS server performance.
You have now configured some of the properties for the RADIUS server. The next step is to add users.

Checking the Server's Health

To check the server's health, use the aregcmd command status. The following issues decrement the
server's health:
•
Note
•
•
•
•
•
Cisco AR logs all of these conditions. Sending a successful response to any packet increments the
server's health.

Selecting Ports to Use

By default, Cisco AR uses well-known ports 1645 and 1646 for TCP/IP communications. Access
Registrar can be configured to use other ports, if necessary. If you add additional ports, however, Access
Registrar will use the added ports and no longer use ports 1645 and 1646. These ports can still be used
by adding them to the list of ports to use.
OL-17221-02
set DefaultSessionManager ""
Rejection of an Access-Request
One of the parameters in the calculation of the Cisco AR server's health is the percentage of
responses to Access-Accepts that are rejections. In a healthy environment, the rejection
percentage will be fairly low. An extremely high percentage of rejections could be an indication
of a Denial of Service attack.
Configuration errors
Running out of memory
Errors reading from the network
Dropping packets that cannot be read (because the server ran out of memory)
Errors writing to the network.
Installing and Configuring Cisco Access Registrar, 4.2
Configuring a Basic Site
4-5