Cisco Systems 3.5 manual Basic Authentication and Authorization


Chapter 1 Overview

Basic Authentication and Authorization

Figure 1-2 Proxying to an LDAP Server for Authentication

[Figure: diagram with the labels user=joe, password=xyz, NAS, request, response, Access Registrar, LDAP, Authentication, Authorization and accounting, and steps numbered 1 to 6.]

Basic Authentication and Authorization

This section provides basic information about how Cisco Access Registrar performs the basic RADIUS functions of authentication and authorization as defined in Internet RFC 2865.

Authentication—determining the identity of a user of a client NAS through user identification and password validation and deciding whether to grant access

Authorization—determining the level of network services available to authenticated users after a connection has been established

The Cisco Access Registrar (AR) server provides authentication and authorization service to clients which are network access servers (NAS). The following paragraphs describe the steps to a connection.

1. The process begins when the user dials into the NAS and enters a user name and a password. The NAS creates an Access-Request containing attributes such as the user's name, the user's password, the ID of the client, and the Port ID the user is accessing.

2. The Cisco AR server determines which hardware (client NAS) sent the request, parses the packet, and determines whether to accept the request.

The Cisco AR server checks to see if the client's IP address is listed in /Radius/Clients/<Name>/<IPAddress>.

3. After accepting the request, the Cisco AR server does the following:

Sets up the Request Dictionary based on the packet information

Runs any incoming scripts (user-written extensions to Cisco Access Registrar)

An incoming script can examine and change the attributes of the request packet or the environmental variables which can affect subsequent processing.

Based on default values or scripts, it chooses a service to authenticate and authorize the user.

The Cisco AR server directs the request to the appropriate service, which then performs authentication and/or authorization according to the type specified in /Radius/Services/<Name>/<Type>.

Performs session management, directing the request to the appropriate Session Manager.
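Steps 1 and 2 above, as an added example (not from the Cisco manual and not Access Registrar code): a NAS packs an RFC 2865 Access-Request, and a server identifies the sender by source IP, parses the attributes and recovers the User-Password. The `CLIENTS` table, the function names, the address and the secret are constructed stand-ins, and only User-Password (PAP) requests are handled.

```python
import hashlib, ipaddress, struct

ACCESS_REQUEST = 1  # RFC 2865 packet code
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT = 1, 2, 4, 5
# Constructed stand-in for the client list: source IP -> shared secret.
CLIENTS = {"192.0.2.10": b"constructed-secret"}

def xor_chain(data, secret, authenticator, hiding):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, key))
        out, prev = out + res, (res if hiding else block)
    return out

def build_access_request(ident, authenticator, user, password, nas_ip, nas_port, secret):
    """Step 1, NAS side: pack the attributes the manual lists into an Access-Request."""
    padded = password + b"\x00" * (-len(password) % 16)
    attrs = [(USER_NAME, user),
             (USER_PASSWORD, xor_chain(padded, secret, authenticator, True)),
             (NAS_IP_ADDRESS, ipaddress.IPv4Address(nas_ip).packed),
             (NAS_PORT, struct.pack("!I", nas_port))]
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + authenticator + body

def handle_request(packet, source_ip):
    """Step 2, server side: return parsed fields, or None when the packet is dropped."""
    secret = CLIENTS.get(source_ip)
    if secret is None or len(packet) < 20:
        return None  # unknown client or truncated header
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        return None
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            return None  # attribute overruns the declared length
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    hidden = attrs.get(USER_PASSWORD, b"")
    if USER_NAME not in attrs or not hidden or len(hidden) % 16:
        return None  # this sketch handles only User-Password (PAP) requests
    password = xor_chain(hidden, secret, authenticator, False).rstrip(b"\x00")
    port = attrs.get(NAS_PORT, b"")
    return {"user": attrs[USER_NAME], "password": password,
            "nas_port": struct.unpack("!I", port)[0] if len(port) == 4 else None}
```

The password is only hidden with MD5 and the shared secret, so the per-client secret is what protects it in transit between the NAS and the server.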

Cisco Access Registrar 3.5 Concepts and Reference Guide

 

OL-2683-02


3.5 specifications

Cisco Systems 3.5 is an advanced version of Cisco's renowned networking and security solutions. This iteration showcases significant enhancements in performance, scalability, and security, making it a preferred choice for enterprises aiming to optimize their network operations and bolster their cybersecurity posture.

One of the main features of Cisco Systems 3.5 is its enhanced network automation capabilities. Automation streamlines network management, allowing organizations to apply consistent policies across their infrastructure while minimizing human error. This version employs advanced algorithms and machine learning to predict and rectify network issues proactively. With automation tools, network administrators can configure, monitor, and troubleshoot their networks with unprecedented efficiency.

Another notable characteristic of Cisco Systems 3.5 is its integration of artificial intelligence and machine learning into networking processes. The incorporation of AI enhances decision-making by analyzing vast amounts of network data, identifying patterns, and offering insights that help ensure optimal performance. This predictive analytics capability allows organizations to predict potential disruptions before they impact operations.

Security is a major focus in Cisco Systems 3.5. The platform introduces advanced threat detection and response systems that utilize deep learning to identify and mitigate emerging threats in real-time. Enhanced encryption protocols ensure that data transmitted over the network remains secure, protecting sensitive information from cyber threats. The integrated security features ensure compliance with various regulatory standards, a crucial requirement for businesses across multiple sectors.

The platform's support for Software-Defined Networking (SDN) allows for dynamic resource allocation and traffic management. This flexibility enables organizations to adjust their network resources quickly in response to changing demands, leading to improved efficiency and reduced operational costs. Cisco Systems 3.5 also supports multicloud environments, facilitating seamless integration with cloud services such as AWS, Google Cloud, and Microsoft Azure.

Moreover, Cisco Systems 3.5 offers robust telemetry features, providing detailed real-time insights into network performance and health. This data-driven approach allows organizations to make informed decisions regarding capacity planning and resource optimization.

In summary, Cisco Systems 3.5 combines cutting-edge technologies such as AI, machine learning, and SDN to deliver a comprehensive networking solution. With its focus on automation, enhanced security, and multicloud support, this version is well-suited for modern enterprises looking to enhance their network infrastructure and security measures. As organizations continue to evolve in a digital-centric world, Cisco Systems 3.5 stands out as a critical tool to achieve connectivity and security goals effectively.