Configuring a Remote Server for AA
To have Cisco AR perform authentication and authorization against information from the LDAP server,
you must change the DefaultAuthenticationService and DefaultAuthorizationService at the Radius
level.
Changing the Authentication and Authorization Defaults
Run the aregcmd command:
Step 1
Use the cd command to change to the Radius level:
Step 2
Step 3
Use the set command to change the DefaultAuthentication:
Use the set command to change the DefaultAuthorization:
Step 4
Use the save command to save your changes:
Step 5
Step 6
Use the reload command to reload the server:
Configuring Multiple Remote Servers
All of the sites described so far in this chapter have used a single server for authentication and
authorization; either the local RADIUS server or a remote LDAP server.
You can configure multiple remote servers to use the same Service, or multiple remote servers to use
different Services.
and how to employ a script to determine which one to use.
Installing and Configuring Cisco Access Registrar, 4.2
5-12
aregcmd
cd /Radius
set DefaultAuthentication remote-ldap
set DefaultAuthorization remote-ldap
save
reload
Figure 5-2
shows how to use multiple servers for authentication and authorization,
Chapter 5
Customizing Your Configuration
OL-17221-02