|
|
This chapter presents operations and maintenance tasks for the application Cisco Access Registrar (AR), Release 1.7, as it relates to the Cisco ASAP Solution only.
 |
Note This chapter does not apply to the Cisco SS7 Interconnect for Voice Gateways Solution. |
Tips for troubleshooting Cisco AR are provided in "Troubleshooting the Cisco Access Registrar."
Cisco AR supports RADIUS proxy where, instead of directly authenticating and authorizing users against a directory, the server selectively proxies the AAA request to another service provider's RADIUS server or a customer RADIUS server that authenticates and authorizes users against another directory or database.
This chapter presents the following major operations and maintenance topics:
 |
Tip See also Task Summary. |
The Cisco Access Registrar application manages the following components of the Cisco ASAP Solution: Cisco AS5000 series.
For detailed information about how to install and configure the Cisco AR, see the Cisco Access Registrar 1.7 Installation and Configuration Guide:
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cnsar/1_7/install/index.htm
For description of the Cisco AR components and how to use them, including information of how to use the Cisco AR as a proxy server and details about the using the aregcmd and radclient commands, refer to the Cisco Access Registrar 1.7 User's Guide at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cnsar/1_7/users/index.htm
For description of the concepts in the Cisco AR, including understanding RADIUS, authentication and authorization, and accounting refer to the Cisco Access Registrar 1.7 Concepts and Reference Guide at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cnsar/1_7/referenc/index.htm
For description of features and functions that were implemented in the Cisco AR Release 1.7, refer to the Cisco Access Registrar 1.7 Release Notes:
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cnsar/1_7/relnote/index.htm
The tasks in this chapter are listed below, grouped by major category.
To either install or upgrade the Cisco AR, you have the follow options:
For detailed procedures of how to implement any of these options, refer to Chapter 1, "Installing Cisco Access Registrar" and Chapter 2, "Upgrading Cisco Access Registrar," of the Cisco Access Registrar 1.7 Installation and Configuration Guide.
Summary | |
Target Platform(s) | Cisco AS5000 series |
Application | Cisco AR |
Frequency | When installing Cisco AR for the first time |
Cisco Access Registrar 1.7 Installation and Configuration Guide
For all related documentation, see References.
To configure the Client object and a NAS for the Cisco AR:
Step 2 Read the section Configuring Clients and follow the steps to add NASs.
Summary | The Profiles object allows you to set specific RFC-defined attributes that Cisco AR returns in the Access-Accept response. You can use profiles to group attributes that belong together. |
Target Platform(s) | Cisco AS5000 series |
Application | Cisco AR |
Frequency | When configuring Cisco AR for the first time or modifying existing configurations when necessary |
Cisco Access Registrar 1.7 Installation and Configuration Guide
For all related documentation, see References.
For adding or modifying RADIUS attributes:
Step 2 Read the section Configuring Profiles and follow the steps to change RADIUS attributes.
Summary | The aregcmd commands are command-line based configuration tools. These commands allow you to set any Cisco AR configuration option, as well as start and stop the Cisco AR RADIUS server and check its statistics. The radclient command is a RADIUS server test tool. It enables you to create packets, send them to a specific server, and examine the response. Use the save and reload of the aregcmd commands to save and reload the configuration changes you made. Use the radclient command to send a test packet. |
Target Platform(s) | Cisco AS5000 series |
Application | Cisco AR |
Frequency | When installing Cisco AR for the first time |
Cisco Access Registrar 1.7 User's Guide
For all related documentation, see References.
Once you have configured some users and a NAS, you can validate and test your configuration as follows:
Step 2 Use the reload command to reload your server.
Step 3 Run the radclient command to send a test packet.
Step 4 For syntax and description of these command, see Chapter 2, "Using aregcmd Commands," and Chapter 4, "Using the radclient Command," of the Cisco Access Registrar 1.7 User's Guide.
Summary | |
Target Platform(s) | Cisco AS5000 series |
Application | Cisco AR |
Frequency | As needed |
Cisco Access Registrar 1.7 Installation and Configuration Guide
For all related documentation, see References.
To configure groups:
Step 2 Read the section Configuring Groups.
Step 3 As appropriate, follow the steps in one or more of the following sections:
a. Configuring Specific Groups
b. Configuring a Default Group
Summary | |
Target Platform(s) | Cisco AS5000 series |
Application | Cisco AR |
Frequency | As needed |
Cisco Access Registrar 1.7 Installation and Configuration Guide
For all related documentation, see References.
To configure multiple UserLists:
Step 2 Read the section Configuring Multiple UserLists.
Step 3 As appropriate, follow the steps in one or more of the following sections:
a. Configuring Separate UserLists
b. Configuring Users
c. Configuring Services
d. Creating the Script
e. Configuring the Script
Summary | If you want to divide the tasks of authentication and authorization to another RADIUS server or an LDAP server, you use the RemoteServer object to specify the properties of the remote server to which Services proxy requests are sent. The remote servers you specify at this level are referenced by name from the RemoteServers list in the Services objects. |
Target Platform(s) | Cisco AS5000 series |
Application | Cisco AR |
Frequency | As needed |
Cisco Access Registrar 1.7 Installation and Configuration Guide
For all related documentation, see References.
To configure a remote RADIUS server:
Step 2 Read the section Configuring a Remote Server for AAA.
Step 3 As appropriate, follow the steps in one or more of the following sections:
a. Configuring the Remote Server
b. Configuring Services
c. Changing the Authentication and Authorization Defaults
d. Configuring Two Remote Servers
e. Configuring the Script
Summary | Session management can be used to track user sessions and allocate dynamic resources to users for the lifetime of their sessions. You can define one or more Session Managers, and have each one manage the sessions for a particular group or company. |
Target Platform(s) | Cisco AS5000 series |
Application | Cisco AR |
Frequency | As needed |
Cisco Access Registrar 1.7 Installation and Configuration Guide
For all related documentation, see References.
To configure session management on the Cisco AR:
Step 2 Read the section Configuring Session Management.
Step 3 As appropriate, follow the steps in one or more of the following sections:
a. Creating a Resource Manager
b. Configuring a Session Manager
c. Enabling Session Management
Summary | After installation of the Cisco AR, you can verify that the server is running correctly with the arstatus command. Successfully running this command ensures that you can communicate with the database, communicate with the RADIUS server, and determine whether the server is running or stopped. |
Target Platform(s) | Cisco AS5000 series |
Application | Cisco AR |
Frequency | When installing Cisco AR for the first time or as needed. |
Cisco Access Registrar 1.7 Installation and Configuration Guide
For all related documentation, see References.
To check if the Cisco AR servers are running:
>arstatusRADIUS server running (pid: 649)
MCD server running (pid: 648)
Server Agent running (pid: 647)
MCD Lock Manager running (pid: 651)
Step 2 If the servers are not running, do the following:
a. Become superuser (su).
b. Change to the /etc/init.d directory.
c. Type the arservagt command with the start argument:
Summary | After verifying that the Cisco AR is running, you can log in to the server. |
Target Platform(s) | Cisco AS5000 series |
Application | Cisco AR |
Frequency | When installing Cisco AR for the first time or as needed |
Cisco Access Registrar 1.7 Installation and Configuration Guide
For all related documentation, see References.
To log into the Cisco AR server:
Step 2 The Cisco Access Registrar prompts you for the cluster. Type the cluster name or press Enter for localhost.
Step 3 The Cisco AR prompts you for the admin login and password. Use admin for the admin name, and aicuser for the password.
Step 4 The Cisco AR prompts you to enter a valid license key. Enter the license key that is located on the back of the Cisco Access Registrar CD case.
Summary | Logging messages through syslog provides centralized error reporting for Cisco AR. Local logging and syslog logging can be turned on or off at any time by modifying the control flags in the $INSTALLPATH/conf/aic.conf file. Logging syslog messages requires a UNIX host running a syslog daemon as a receiver for Cisco AR messages. The Cisco AR and the syslog daemon can be running on the same host or different hosts. |
Target Platform(s) | Cisco AS5000 series |
Application | Cisco AR |
Frequency | As needed |
Cisco Access Registrar 1.7 User's Guide
For all related documentation, see References.
To configure, modify, or manage syslog messages for the Cisco AR:
Step 2 Read the sections Configuring Message Logging, Changing Log Directory, Configuring syslog Daemon (syslogd), and Managing the Syslog File.
Step 3 As appropriate, follow the steps in one or more of the following:
a. Creating a Log File
b. Restarting syslogd
c. Managing the Syslog File
Summary | The Cisco AR collects and stores the information contained in Accounting Start and Accounting Stop messages. When a NAS (UG) that uses accounting begins a session, it sends an Accounting Start packet describing the type of service and the user being connected to the Cisco AR server. When the session ends, the NAS sends an Accounting Stop packet to the AR server describing the type of service that was delivered. The Accounting Stop packet might also contain statistics such as elapsed time, input and output octets, or input and output packets. |
Target Platform(s) | Cisco AS5000 series |
Application | Cisco AR |
Frequency | As needed |
Cisco Access Registrar 1.7 Concepts and Reference Guide
For all related documentation, see References.
To set up and manage accounting using Cisco AR:
Step 2 Read the sections Understanding Access Registrar Accounting, Setting Up Accounting, and Accounting Log File Rollover.
Step 3 As appropriate, follow the steps in one or more of the following:
a. Setting Up Accounting
b. Configuring Accounting
Summary | The aregcmd commands are command-line based configuration tools. These commands allow you to set any Cisco AR configuration option, as well as start and stop the Cisco AR RADIUS server and check its statistics. |
Target Platform(s) | Cisco AS5000 series |
Application | Cisco AR |
Frequency | As needed |
Cisco Access Registrar 1.7 User's Guide
For all related documentation, see References.
|
Note For the syntax and description of these commands, see Chapter 2, "Using aregcmd Commands," of the Cisco Access Registrar 1.7 User's Guide. |
To modify existing configuration of the Cisco AR or to modify values for properties, use the following aregcmd commands:
Step 2 use the delete command to remove an element from the configuration.
Step 3 Once you made changes to the your configuration, use save and reload commands to implement the changes you made.
Step 4 Use the set command to provide values for properties on existing configuration elements or to order servers in a list.
Step 5 Use the unset command to remove items from an ordered list.
Step 6 Use the insert command to add an item anywhere in ordered list.
Summary | The aregcmd commands are command-line based configuration tools. These commands allow you to set any Cisco AR configuration option, as well as, start and stop the Cisco AR RADIUS server and check its statistics. |
Target Platform(s) | Cisco AS5000 series |
Application | Cisco AR |
Frequency | As needed |
Cisco Access Registrar 1.7 User's Guide
For all related documentation, see References.
|
Note For the syntax and description of these commands, see Chapter 2, "Using aregcmd Commands," of the Cisco Access Registrar 1.7 User's Guide. |
To manage your Cisco AR server, use the following aregcmd commands:
Step 2 Use save command to validate the changes you made and commit them to the configuration database.
Step 3 Use the validate command to check the consistency and validity of the specified server's configuration.
Step 4 Use the start command to enable the server to handle requests.
Step 5 Use the star and stop commands to stop server from accepting requests.
Step 6 Use the reload command to load the configuration changes.
Step 7 Use the status command to see whether or not the specified server has been started.
Step 8 Use the stat command to view statistical information on the specified server.
Step 9 Use the query-sessions command to query the server about the currently active user sessions.
Step 10 Use the release-sessions to request the server to release one or more currently active user sessions.
Step 11 Use the help command to display a brief overview of the command syntax.
Summary | .To ensure a consistent backup, Cisco AR uses a shadow backup facility. Once a day, at a configurable time, Cisco AR suspends all activity to the database, and takes a snapshot of the critical files. This snapshot is guaranteed to be a consistent view of the database, and it is preserved correctly on a system backup tape. The backup can be do either through the system Registry at $INSTALL/conf/aic.conf or using mcdshadow utility located in the $INSTALL1/usrbin directory. |
Target Platform(s) | Cisco AS5000 series |
Application | Cisco AR |
Frequency | As needed |
Cisco Access Registrar 1.7 User's Guide
For all related documentation, see References.
To back up the Access Registrar database either using a configurable time or using the mcdshadow utility:
Step 2 Read and follow the steps in the following sections:
a. Configuration
b. Recovery
Summary | The nasmonitor command is used to query a TCP port at the specified IP address until the device (universal gateway) is reachable. If the universal gateway (UG) is not reachable after period of time, a warning E-mail is sent; if the UG is still not reachable after another period of time, a message is sent to the Cisco AR to release all sessions associated with that UG. |
Target Platform(s) | Cisco AS5000 series universal gateways |
Application | Cisco AR |
Frequency | As needed. |
Cisco Access Registrar 1.7 User's Guide
For all related documentation, see References.
To check if NAS (UG) is reachable by the Cisco AR use the following nasmonitor command:
Step 2 Read the section NAS Monitor and follow the steps.
Posted: Tue Jul 9 11:31:11 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.