|
|
This chapter describes how to install the Cisco Subscriber Edge Services Manager (SESM) software and bundled components, including SPE. It includes the following topics:
This section describes prerequisites to installing SESM. It includes the following topics:
You can install SESM components on Sun Solaris, Linux, and Microsoft Windows platforms. See the "Supported Hardware Platforms" section for more information.
Table 5-1 shows RAM and disk space requirements for a single instance of each component in SESM. These requirements are approximately the same on the Sun Solaris and the Windows NT platforms.
| Component Name | Disk Space (MB) | RAM |
|---|---|---|
Jetty server | 1.5 | The Jetty server provides the J2EE application environment in which the SESM portal applications and CDAT execute. The application memory needs specified for NWSP and CDAT, below, include Jetty server usage. |
SESM portal applications (NWSP, WAP, and PDA) | 18.9 | RAM requirements increase relative to the number of subscribers logged in. The following numbers are approximations:
See the "Memory Requirements and CPU Utilization" section for memory utilization equations. |
Captive Portal | 2.0 | The Captive Portal installation includes the Captive Portal and Message Portal applications. |
RDP | 4.2 | The RDP uses the DESS cache. Memory requirements are roughly proportional to the login rate. See the "RDP Memory Requirements" section for more information. |
SPE components | 1.9 | N/A |
CDAT | 5.6 | RAM requirements increase proportionally to the number of objects stored in the directory. For most directory sizes, the 64 MB requirements of the operating system (OS) and other system software should be sufficient for heavily populated directories. |
This section describes the SESM requirements regarding the Java Runtime Environment (JRE) and the Java Development Kit (JDK). The section includes the following topics:
1. It searches for a JDK Version 1.2.2 that is already installed.
2. Failing that, it searches for a JRE Version 1.2.2 or later that is already installed.
3. Failing that, it installs and uses the bundled JRE Version 1.2.2.
To search for an existing JDK or JRE, the installation program looks in the following locations:
installImageName -is:javahome location
Where:
If you change the location of the JDK or JRE after installation, make the corresponding change in the following two startup files:
Table 5-2 shows the path names of the startup scripts that you must change.
| Platform | Generic Startup Script | RDP Startup Script |
|---|---|---|
Solaris and Linux | jetty/bin/start.sh | rdp/bin/runrdp.sh |
Windows | jetty\bin\start.cmd | rdp\bin\runrdp.cmd |
http://java.sun.com/products/j2se
On systems that will be used to customize an SESM application, we recommend that you install the JDK before you install SESM. In that way, the SESM installation program uses the JDK in the application startup scripts, rather than a JRE. The JDK is necessary for recompiling the changed JSPs. See the "Recompiling a Customized JSP" section for more information.
If you install the JDK after installing SESM, then you must:
The SESM installation program does not attempt to communicate with SSGs or RADIUS servers. Therefore, SSGs and RADIUS servers do not need to be configured and running for you to install SESM components.
However, you should be prepared to provide correct communication information about those network components during the installation. Otherwise, you must manually edit the configuration files at a later time for the SESM application to work correctly.
The installation program updates configuration files with information that you provide about the SSGs and RADIUS servers. Table 5-5 describes the configuration information that the installation program prompts you for.
If you are installing SESM in LDAP mode, the installation program establishes communication with your LDAP directory, if possible. This section includes the following topics:
If the installation program does not perform these tasks, you must do them at a later time before running an SESM web application or CDAT, as described in the "Extending the Directory Schema and Loading Initial RBAC Objects" section.
To install and configure NDS to work with SESM, perform the following steps. These instructions assume that you are installing NDS on a Solaris machine.
Step 1 Log on as super user.
Step 2 Create an NDS directory on the Solaris machine. A typical location is /usr/nds.
Step 3 If you have an NDS tar file, place it into the directory you just created and expand it.
Step 4 Run the installation file, which is located in:
/usr/nds/NDS8.5/Solaris/setup/nds-install
Step 5 The installation program prompts you to read and accept the License agreement.
Step 6 The installation program prompts you to choose the components to install, as follows:
1)NDS Server
2)Adminisration Utilities
3)Management Console for NDS (ConsoleOne)
In most cases, you should install all three components. To do so, enter:
1 2 3
Step 7 The installation program prompts you for the location of the license files. Enter:
/usr/nds/NDS8.5/licensefiles
 |
Note Refer to the NDS documentation if you do not have the license files. |
Step 8 The installation program installs the requested packages. Then it asks whether or not you want to install the Java Runtime Environment (JRE). The JRE is required for ConsoleOne, the NDS management console. If you do not already have a suitable JRE installed on the machine, enter:
yes
Step 9 The installation program opens the NDS server configuration file (/etc/ndscfg.inp) in a text editor. Use the editor to enter the following required information. Use the values shown below to ensure compatibility with SESM installation and sample data defaults:
Admin Name and Context: cn=admin.ou=sesm.o=cisco
Tree Name: sesm
Create NDS Tree: YES
Server Context: ou=sesm.o=cisco
Two additional fields (server IP address and Database Files directory) are optional. You do not need to enter values for them.
Step 10 Save the configuration file and quit the editor.
Step 11 The installation program prompts you for a password for the admin user. Enter any password.
|
Note The SESM installation program prompts you for the administrator name (admin) and this password when you install the SPE component. |
Step 12 The installation program concludes by prompting you to manually edit two environment variables:
PATH=$PATH:/usr/ldaptools/bin
MANPATH=$MANPATH:/usr/ldaptools/man
Step 13 Start ConsoleOne. Run the following file:
/usr/ConsoleOne/bin/ConsoleOne
Step 14 Authenticate to the NDS Directory as follows:
Upon successful authentication, the .SESM. icon appears in the right panel.
Step 15 Set the Allow Clear Text Passwords to true, as follows:
NDS
.SESM.
cisco
sesm
Step 16 Exit ConsoleOne and proceed to the SESM installation.
To install and configure iPlanet to work with SESM, perform the following steps. These instructions assume that you are installing iPlanet Version 5.0 on a Solaris machine.
Step 1 Log on as superuser.
Step 2 If you have a tar file, expand it.
Step 3 Execute the setup file. Follow the instructions in the setup program.
Step 4 When the program displays the following prompt, select the iPlanet Servers option.
1. iPlanet Servers
Installs iPlanet Servers with the integrated iPlanet Console onto your computer.
2. iPlanet Console
Installs iPlanet Console as a stand-alone Java application on your computer.
Step 5 In response to subsequent prompts to install components, select all components.
Step 6 When the program displays the following prompt, we recommend that you enter the standard port 389, rather than accepting the random default port. You must know this port number later in this procedure and also during SESM installation.
Directory server network port[nnnnn]: 389
Step 7 At the following prompt, accept the default value of admin.
iPlanet configuration directory server
administrator ID [admin]:
Password:
Password (again):
Enter the password of your choice. This user name and password has privileges to update the directory schema. You must enter this admin ID and password later in this procedure and also during SESM installation.
Step 8 When the program displays the following prompt, enter the value o=cisco.
Suffix [dc=]:o=cisco
Step 9 When the program displays the following prompt, accept the default value of Directory Manager.
Directory Manager DN [cn=Directory Manager]:
Password:
Password (again):
Enter the password of your choice. This user name and password has privileges to add objects to the cisco container you created in the previous step. You must enter this Directory Manager DN and password later in this procedure and also during SESM installation.
Step 10 When the program displays the following prompt, enter any port number. The configuration examples later in this procedure use the value 390.
Administration port [15197]:390
Step 11 When the program displays the following prompt, enter a user name or accept the default value (root).
Run Administration Server as [root]:
The installation process is complete. After successful installation, the iPlanet servers start automatically.
Step 12 Change the directory to:
/usr/iplanet/servers
Step 13 Execute the following program:
startconsol
A logon window appears.
Step 14 Log on as follows:
User ID:cn=Directory Manager
Password:
AdminURL:http//hostname:390
The iPlanet Console window appears.
Step 15 Expand the folders in the iPlanet Console window until the Directory Server object appears. Select Directory Server and click Open at the top right corner of the window.
An iPlanet Directory Server window appears.
Step 16 Right-click the cisco folder. Choose New
Org Unit from the pop-up menu.
Step 17 In the Name field, enter sesm and click OK.
Name:sesm
Step 18 Right-click the sesm object. Choose New
User from the pop-up menu. A Create New User window appears.
Step 19 Enter appropriate values. In the UserID field, enter admin. Click OK.
First Name:
Last Name:
Common Name:
UserID: admin
Password:
Step 20 Right-click the sesm object. Choose Set Access Permissions from the pop-up menu. The Manage Access Control window for ou=sesm,o=cisco appears.
Step 21 Click New. The Edit ACI window for ou=sesm,o=cisco appears.
Step 22 Enter any value for ACIName and click Add.
ACI Name :aciAdmin
The Add User & Group window appears.
Step 23 Enter the following value in the search field and click Search:
admin
The admin user appears in the top window.
Step 24 Select admin and click Add. The admin user appears in the bottom window. Click OK.
Step 25 Click Targets. Click This Entry. Click OK.
Step 26 Click OK in the Manage Access Control window.
Step 27 Exit iPlanet and proceed to the SESM installation.
You can install all SESM components together on the same machine (a typical installation), or you can install some components separately in a distributed manner (a custom installation). Table 5-3 describes components that must be installed together on the same machine. The installation program detects these dependencies and enforces the correct installation.
| SESM Mode | Component Dependencies |
|---|---|
RADIUS mode |
|
LDAP mode |
|
installDir
_uninst
uninstall.bin or uninstall.exe
The uninstall utility does the following:
After running the uninstall utility, you can safely reinstall one or more SESM components into the same directory.
|
Note Do not uninstall SESM by manually deleting the contents of the installation directory. If you do so, and then attempt a reinstall into the same directory, the installation might not be complete. If the installation is incomplete, see the "Incomplete Installation or Files Installed in Incorrect Directory" section for information. |
The installation images for SESM are available from the product CD-ROM or from the Cisco web site. This section includes the following topics:
The SESM installation program installs evaluation and licensed versions of SESM:
The license number is important when you are requesting technical support for SESM from Cisco. After installation, you can see your license number and the software version in the licensenum.txt file under the installation directory.
Step 1 Open a web browser and go to:
Step 2 Click the Login button. Enter your Cisco user ID and password.
To access the Cisco images from the CCO Software Center, you must have a valid Cisco user ID and password. See your Cisco account representative if you need help.
Step 3 Under Service and Support, click Software Center.
Step 4 Click Web Software.
Step 5 Click Cisco Subscriber Edge Services Manager.
Step 6 Download the appropriate image based on the platform you intend to use for hosting the SESM web application.
Copy and uncompress the tar or zip file to a temporary directory. When you uncompress the file, the results are:
Table 5-4 shows the names of the compressed and executable files.
| Platform | Compressed Filename | Executable Installation Filename |
|---|---|---|
Solaris | sesm-3.1.3-pkg-sol.tar | sesm_sol.bin |
Linux | sesm-3.1.3-pkg-linux.tar | sesm_linux.bin |
Windows NT | sesm-3.1.3-pkg-win32.zip | sesm_win.exe |
The installation program writes to parts of the file system or Windows registry that are only accessible to a privileged user. The outcome of the installation is unpredictable if you are not privileged.
Log on as a privileged user as follows:
You can install SESM using the following installation modes:
-console argument on the command line when you execute the installation image.option fileName argument on the command line when you execute the installation image.The following sections provide more details about performing installations in these modes.
The -log option on the installation command line turns on the installation logging feature.
solaris> sesm_sol.bin -log location @ALL
C:\> sesm_win.exe -options -log location @ALL
solaris> sesm_sol.bin
C:\> sesm_win.exe
To run in console mode, use the -console option on the command line.
solaris> sesm_sol.bin -console
C:\> sesm_win.exe -console
Examples of the .iss and .properties files are included in the installation download. You must modify both files to match your requirements before you start the installation.
To prepare for silent mode:
Step 1 Open the .properties and .iss files in any text editor.
|
Note Before you begin, you might need to obtain write access to the files. |
Step 2 Edit the values for each parameter in the file. Table 5-5 describes each parameter. Save and close the file.
Step 3 To turn on the installation logging feature for a silent mode installation, open the .iss file in any text editor. Remove the first pound sign (#) from the following line:
Step 4 Save and close the file.
To run in silent mode, use the -options option on the command line, as follows:
imageName -options issFileName
Where:
For example:
solaris> sesm_sol.bin -options mysesm.iss
C:\> sesm_win.exe -options mysesm.iss
Table 5-5 describes the installation and configuration parameters to enter during the installation process. Use the Value column in the table to record your planned input values.
You can change the value of any configuration parameter later by editing configuration files, as described in Chapter 4. You cannot change the values of the general installation parameters identified in the first part of the table.
| Category | Input Summary | Explanation | Value | ||
|---|---|---|---|---|---|
General installation parameters | Choose the type of installation:
Note Obtain your SESM license number from the License Certificate shipped with the CD-ROM or otherwise provided to you by your Cisco account representative. If you have not yet received a Certificate, choose one of the Evaluation modes. The licensenum.txt file in your root installation directory records your license number and the software version number you installed. This information is important when you access Cisco technical support for this product. |
| |||
License agreement | Read the displayed license agreement to ensure that you agree with the terms of the license. You must accept the agreement to proceed with installation. |
| |||
Note You must have write privileges to the installation directory. To specify the installation directory, you can accept the displayed default installation directory, click Browse to find a location, or type the directory name in the box. The default installation directories are:
|
| ||||
General installation parameters (continued) | Select one of the following:
|
| |||
Specify the port on which the container (the J2EE web server) for the SESM portal applications will listen for HTTP requests from subscribers. The installation program updates the application startup scripts for NWSP, WAP, and PDA to use this value. If you want to run these applications simultaneously, you must edit the start scripts to ensure that each application uses a different port. The displayed default value is port 8080. Tip Each web server running on the same machine must listen on its own unique port. If another web server or another instance of the SESM portal application is listening on 8080, change this value. The application startup script uses the application port number to derive two other port numbers:
application port - 80 + 443
8080 - 80 + 443 = 8443
application port + 100
8080 + 100 = 8180
|
| ||||
Note If you are installing SESM in Demo mode, you are finished with the installation. | |||||
|
Tip Use the show run command on the SSG host device to determine how SSG is configured. | Specify the port that SSG uses to listen for RADIUS requests from an SESM application. This value must match the value that was configured on the SSG host with the following command: The default value is 1812. |
| |||
Specify the shared secret used for communication between SSG and an SESM application. This value must match the value that was configured on the SSG host with the following command: The default value is |
| ||||
Enter the number of bits that SSG uses for port bundling when the port-bundle host key feature is enabled. This value must match the value that was configured on the SSG host with the following command: ssg port-map length
We recommend using the value 4. A value of 0 indicates that the SSG is not using the port-bundle host key mechanism. Note The port-bundle host key feature was introduced in Cisco IOS Release 12.2(2)B. If you are using an earlier release, use a value of 0 in this field. The default value is 0. |
| ||||
When the port bundle size is 0, you must map SSGs to client subnets. The following category of parameters lets you map one client subnet for one SSG. You must manually edit the configuration file to:
See the "Associating SSGs and Subscriber Requests" section for more information. | |||||
One non-host key SSG | Enter the host name or IP address of the SSG host. |
| |||
Enter one client subnet address handled by this SSG. For example, 177.52.0.0. |
| ||||
Enter the mask that can be applied to subscriber IP addresses to derive their subnet. For example, 255.255.0.0. |
| ||||
Note If you are installing SESM in LDAP mode, skip the following two categories and continue with the "Directory server information" category later in this table. | |||||
SESM to RADIUS server communication | Enter the IP address or the host name of the primary RADIUS server. |
| |||
Primary AAA server port | Enter the port number on the primary RADIUS server host that the RADIUS server listens on. The default is 1812. |
| |||
Enter the IP address or the host name of the secondary RADIUS server. If you are not using a secondary RADIUS server, enter the same value used for the primary server. |
| ||||
Enter the port number on the secondary RADIUS server host that the RADIUS server listens on. If you are not using a secondary RADIUS server, enter the same value used for the primary server. |
| ||||
Enter the shared secret used between the RADIUS server and SESM. If you are using a primary and a secondary server, the shared secret must be the same for both servers. The default value is |
| ||||
Enter the password that the SESM application uses to request service profiles from RADIUS. It must match the service password values used in the service profiles in the RADIUS database. This password must also match the value that was configured on the SSG host with the following command: ssg service-password password
The service-password value must be the same on all of your SSGs. The default value is |
| ||||
Enter the password that the SESM application uses to request service group profiles from RADIUS. It must match the service group password values used in the service group profiles in the RADIUS database. The default value is |
| ||||
Note If you are installing SESM in RADIUS mode, you are finished with the installation. | |||||
Enter the IP address or the host name of the system on which the directory server is running. |
| ||||
Enter the port on which the directory server listens. |
| ||||
Enter a user ID that has permissions to extend the directory schema. Use cn or uid as appropriate. For example:
cn=admin, ou=sesm, o=cisco
uid=Directory Manager, ou=sesm, o=cisco
|
| ||||
Enter the password for the directory administrator. This is the password you entered during directory installation and configuration. For example: |
| ||||
Choose the component in distinguished name (dn) that your LDAP directory uses to allow access to the directory. Note The SESM sample data uses cn. If you choose uid, you must edit the sample data before loading it into the directory. See the "Loading Sample Data and Logging into CDAT for the First Time" section. |
| ||||
Note The installation program attempts to access the directory server, using the information you provided. If access is unsuccessful, the installation program displays a window with the header "Warning—Please confirm these options." Verify the information you entered and also verify that the directory server is running. If the directory is not running, you can continue the installation of SPE components by clicking the Ignore button on the warning window. However, if you click Ignore, the installation program cannot update the directory for SESM use. You must perform the updates at a later time before you run SESM web applications or CDAT. See the "Extending the Directory Schema and Loading Initial RBAC Objects" section for instructions. | |||||
Directory container information | Enter the organization and organizational unit that will hold the SESM service, subscriber, and policy information. Use the following format: ou=orgUnit,o=org
For example, the installation program's default values are: ou=sesm,o=cisco
The above defaults are the values used in the sample data file that is shipped with CDAT. |
| |||
Enter a user ID that has permissions to access and create objects in the organization and organizational unit named above. Use cn or uid as appropriate. For example: cn=admin,ou=sesm,o=cisco
uid=yourAdmin,ou=sesm,o=cisco
|
| ||||
Enter the password associated with the directory user ID. |
| ||||
Note The installation program attempts to access the container using the information you provided. If it is unsuccessful, a warning message appears, as described in the previous note. | |||||
Enter the port number on which the CDAT web server will listen. The default is 8081. |
| ||||
|
Configures RDP to SSG communication | Enter the IP address or host name of the RDP.
|
| |||
Enter the port on which the RDP will listen. The default is 1812. |
| ||||
Enter the shared secret to be used for communication between the SSGs and RDP when the restricted client feature is turned off. This value must match the value configured on the SSG host devices, using the following command: radius-server key SharedSecret
When the restricted client feature is turned off, the shared secret must be the same on all SSGs. When the restricted client feature is turned on, this attribute is ignored. Instead, you configure a specific shared secret for each client (each SSG). See the RDP MBean description in Table 6-6 for more information. The next set of prompts from the installation program lets you choose whether to turn the restricted client feature on or off. The default shared secret value is |
| ||||
Enter the password that RDP uses to request service profiles from the directory. This value must match two other configured values: 1. This password must match the value that was configured on the SSG host with the following command: ssg service-password password
2. This value must also match the service password value you entered for the SESM portal. See the SESM "Passwords" section. The default value is |
| ||||
Enter the password that RDP uses to request service group profiles from the directory. This password must match the group password value you entered for the SESM portal. See the SESM "Passwords" section. The default value is |
| ||||
| Enter the password that SSG uses to request next hop tables from RDP. This password must match the value that was configured on the SSG host with the following command: ssg next-hop download nextHopTableName password
The service-password value must be the same on all of the SSGs that communicate with this RDP server. The default is |
| |||
RDP Options | Choose this option to run RDP in proxy mode. RDP has two modes:
|
| |||
Choose this option if you want the SSG to perform automatic connections to services when a subscriber's profile includes the autoconnect attribute. When you choose this option, RDP includes the subscriber's service list and related information in replies to SSG. The service information consumes memory on the SSG device. Do not choose this option if space is a consideration on the SSG device. Instead, you can configure the SESM application to initiate automatic connections. See the "autoConnect" section for more information. |
| ||||
Choose this option if you want to turn on the RDP restricted client feature, which allows RDP to service requests only from a preconfigured list of clients. The RDP clients are SSGs. If you check this option, the installation program prompts for configuration information for one client. You must manually edit the rdp.xml file to add more clients. If you do not check this option, the RDP accepts requests from any client (any SSG). |
| ||||
If you choose the Add client option, the installation program prompts you for the following information about one RDP client. To add more clients, manually edit the rdp.xml file |
| ||||
RDP Client | Identifies the SSG. This value is used in logs and traces and does not have to match any other configured value. |
| |||
The IP address of the SSG. |
| ||||
The shared secret used for SSG to RDP communication. This value must match the value configured on the SSG devices, using the following command: radius-server key SharedSecret
|
| ||||
If you are doing a Custom installation and you checked the Captive Portal item, the installation program prompts you for the following information. Note Captive portal installation parameters must match TCP redirect configuration values on the SSG. The easiest way to ensure that values match in both places is to accept all of the default values presented during SESM captive portal installation. Then configure the SSG based on the example captiveportal/config/ssgconfig.txt file. See "Deploying a Captive Portal Solution,"for more information. | |||||
Enter the IP address of the hardware platform on which you are installing the captive portal solution. |
| ||||
Enter the port number on which the first listener in the captive portal web server will listen. This installation program sets up the captiveportal.jetty.xml file to create 7 listeners in the web server, as follows:
Later in this installation procedure, you are prompted for a port number for each of these listeners. The port you enter now is used as the default value for the first listener. Note If you use the same port number for more than one listener, some redirections will not work. Default: 8090 |
| ||||
Choose this option if you want to install the Message Portal application. The Message Portal application is an example of an SESM portal that provides content for:
For those redirection types, the default URIs displayed later in this installation procedure refer to pages in the Message Portal application. |
| ||||
If you choose the Message Portal option above, the installation program prompts you for the following information: | |||||
Message Portal Server Configuration | Enter the port number on which the Message Portal web server will listen. The Message Portal web server has one listener. Default: 8085 |
| |||
Choose this option if you want the Message Portal application to redirect the subscriber to the originally requested URL after the message duration time elapses. If you do not choose this option, the subscriber must enter an URL to leave the message page. Default: true |
| ||||
Portal for service and error redirections | Host | Enter the host name or IP address of the web server for the NWSP or other application that will respond to:
This value becomes the default value for the serviceportal.host system property in the captiveportal.xml file. |
| ||
Port | Enter the port number on which the web server named above will listen. This value becomes the default value for the serviceportal.port system property in the captiveportal.xml file. Default: 8080 |
| |||
Enable | Check this box to configure unauthenticated user redirections. |
| |||
Enter the port that the web server for the Captive Portal application will listen on for unauthenticated user redirections received from the SSG. The installation program displays the value that you entered earlier in the Captive Portal Port Number field. You can accept this default value. Note You must configure the SSG TCP redirect feature to send unauthenticated user redirections to this port. Default: 8090 |
| ||||
URL Out: Host URL Out: Port URL Out: URI | These fields define the URL to which browsers are redirected for unauthenticated user redirections. The default values reference the NWSP application.
|
| |||
Enable | Check this box to configure initial logon redirections. |
| |||
Enter the port that the Captive Portal web server will listen on for initial logon redirections. Note You must configure the SSG TCP redirect feature to send initial logon redirections to this port. Default: 8091 |
| ||||
URL Out: Host URL Out: Port URL Out: URI | These fields define the URL to which browsers are redirected for initial logon redirections. The default values reference the Message Portal application.
|
| |||
The length of time that the Message Portal application waits before attempting to redirect the browser to the user's originally requested URL. Default: 15 |
| ||||
Advertising Captivation | Enable | Check this box to configure advertising redirections. |
| ||
Enter the port that the Captive Portal web server will listen on for advertising redirections. Note You must configure the SSG TCP feature to send advertising redirections to this port. Default: 8092 |
| ||||
URL Out: Host URL Out: Port URL Out: URI | These fields define the URL to which browsers are redirected for advertising redirections. The default values reference the Message Portal application.
|
| |||
The length of time that the Message Portal application waits before attempting to redirect the browser to the user's originally requested URL. Default: 15 |
| ||||
Enable | Check this box to configure service redirections, including a default service redirection. |
| |||
Enter the port that the Captive Portal web server will listen on for default service redirections. Default service redirections are used for services whose address does not belong to the destination network of any of the specific service redirections Note You must configure the SSG TCP feature to send default service redirections to this port. Default: 8093 |
| ||||
First Service Redirect Port In Second Service Redirect Port In Third Service Redirect Port In | Enter the ports that the Captive Portal web server will listen on for service redirections for Service1, Service2, and Service3. Note You must configure the SSG TCP feature to send redirections to these ports. Defaults: 8094, 8095, 8096 |
| |||
URL Out | Enter the URL to which browsers are redirected for any type of service redirection. The default value references the NWSP application, as follows:
This installation program assumes that the same URL is used for all service redirections. You can change this default configuration in the captiveportal.xml file. There is no requirement that all service redirections use the same page, port, or application. |
| |||
Details for Service Redirection | Choose this option if you want the Captive Portal application to pass the service names to the content application that handles service redirections (NWSP in the default configuration). NWSP uses the service name to connect to the service. If you do not check this option, NWSP displays the page specified in the serviceNotGivenURI attribute in nwsp.xml. (The default installation setting for the serviceNotGivenURI attribute is the NWSP status page.) |
| |||
Redirect Service Names | Provide the service name as specified in the service profile. The default values provided in the installation program match services in the sample data installed with SESM. |
| |||
If you choose Proxy mode for RDP, then the installation process prompts you for the following RADIUS server information. | |||||
RDP to RADIUS communication | Enter the IP address or the host name of the primary RADIUS AAA server that you want RDP to communicate with. |
| |||
Enter the port number on the primary RADIUS server host that the RADIUS server listens on. |
| ||||
Enter the IP address or the host name of the secondary RADIUS server. If you are not using a secondary RADIUS server, enter the same value used for the primary server. |
| ||||
Secondary AAA server port | Enter the port number on the secondary RADIUS server host that the RADIUS server listens on. If you are not using a secondary RADIUS server, enter the same value used for the primary server. |
| |||
Enter the shared secret used between RDP and the RADIUS server. The shared secret must be the same for both servers. The default is |
| ||||
The installation program installs the components on your system. When it is finished installing the files, it displays an additional window about modifications to the LDAP directory. | |||||
Choose this option if you want the installation program to apply the SPE schema extensions to the LDAP directory. These extensions include the dess and auth classes and attributes. For more information about the extensions, see the Cisco Distributed Administration Tool Guide. If you do not choose this option, you must extend the directory schema later, before running the SESM application in LDAP mode and before logging into CDAT to create objects in the directory. See the "Extending the Directory Schema and Loading Initial RBAC Objects" section for more information. Note If you are installing the SPE components in multiple locations, you only need to extend the schema one time. |
| ||||
Choose this option if you want the installation program to load the top-level RBAC objects. If you do not choose this option, you must install RBAC objects later, before running an SESM application in LDAP mode and before logging into CDAT to create objects in the directory. See the "Extending the Directory Schema and Loading Initial RBAC Objects" section for more information. Note If you are installing the SPE components in multiple locations, you only need to install the RBAC objects one time. |
| ||||
The Cisco SESM installation directory contains the following subdirectories and files:
When you install SESM in LDAP mode, the installation directory contains the following additional directories:
This section outlines the steps to take after you successfully complete an installation.
Step 1 Perform all configuration activities listed in Table 2-2 (RADIUS mode) or Table 2-4 (LDAP mode).
Step 2 Add configuration information for additional SSGs, if the SSG port bundle host key feature is not used on the SSGs.
The SESM installation program caters to use of a single SSG or multiple SSGs with the host key feature. For multiple SSG support without the host key feature, you must configure the SSG to client subnet mapping. See the "Associating SSGs and Subscriber Requests" section for instructions.
Step 3 (Optional) If you installed the captive portal solution, see the "Additional Configuration Steps" section for instructions on configuring an SSG to work with the installed captive portal features.
Step 4 (Optional) If you installed the RDP server and turned on the restricted client feature, you might need to add more SSGs to the RDP's client list. The installation program accepts information for one client. You must edit the rdp.xml file to add additional clients. See the useClientList attribute in Table 6-6.
Step 5 Start an SESM portal application, start a web browser, and logon as described in "Running SESM Components."
See the "Configuring a Customized SESM Application" section for information about configuring a customized SESM portal applications.
Posted: Mon Aug 26 08:45:27 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.
