Cisco Systems 3.5 manual UserLists and Groups, Profiles, Scripts, Services

Chapter 2 Understanding Cisco Access Registrar

Cisco Access Registrar Hierarchy

UserLists and Groups

Cisco Access Registrar lets you organize your user community through the configuration objects UserLists, users, and UserGroups.

Use UserLists to group users by organization, such as Company A and Company B. Each list contains the actual names of the users.

Use users to store information about particular users, such as name, password, group membership, base profile, and so on.

Use UserGroups to group users by function, such as PPP, Telnet, or multiprotocol users. Groups allow you to maintain common authentication and authorization requirements in one place, and have them referenced by many users.

For more information about UserLists and UserGroups, refer to Access Registrar Server Objects in the Cisco Access Registrar User’s Guide.

Profiles

Cisco Access Registrar uses Profiles to group the RADIUS attributes that are included in an Access-Accept packet. These attributes include values that are appropriate for a particular user class, such as PPP or Telnet users. The user’s base profile defines the user’s attributes, which are then added to the response as part of the authorization process.

Although you can use Group or Profile objects in a similar manner, which one to use depends on your site. If you require some choice in determining how to authorize or authenticate a user session, then creating specific profiles and specifying a group that uses a script to choose among them is more flexible. In such a situation, you might create a default group and then write a script that selects the appropriate profile based on the specific request. The benefit of this technique is that each user can have a single entry and still use the appropriate profile depending on the way they log in.

For more information about Profiles, refer to Access Registrar Server Objects in the Cisco Access Registrar User’s Guide.

Scripts

Cisco Access Registrar allows you to create scripts you can execute at various points within the processing hierarchy.

Incoming scripts—enable you to read and set the attributes of the request packet, and set or change the Environment dictionary variables. You can use the environment variables to control subsequent processing, such as specifying the use of a particular authentication service.

Outgoing scripts—enable you to modify attributes returned in the response packet.

For more information about Scripts, refer to Access Registrar Server Objects in the Cisco Access Registrar User’s Guide.
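
The default-group technique from the Profiles section and the script behaviour described above can be modelled as follows. This is an added example in Python, not Cisco Access Registrar code or its script API; every name in it (PROFILES, USERS, GROUPS, select_profile, the "Profile" environment key) and the sample data are assumptions constructed for illustration. A request that matches no profile is rejected rather than given a default set of attributes.

```python
import hmac

# Profiles: named sets of RADIUS attributes returned in an Access-Accept.
PROFILES = {
    "ppp-users": {"Service-Type": "Framed", "Framed-Protocol": "PPP"},
    "telnet-users": {"Service-Type": "Login", "Login-Service": "Telnet"},
}
# One entry per user (constructed sample data); the default group hands
# the choice of profile to a script instead of naming a fixed profile.
USERS = {"alice": {"password": "constructed-secret", "group": "default"}}
GROUPS = {"default": {"script": "select_profile"}}


def select_profile(request, environ):
    """Read request attributes and set an environment variable that
    controls the authorization step that follows."""
    if request.get("Framed-Protocol") == "PPP":
        environ["Profile"] = "ppp-users"
    elif request.get("Service-Type") == "Login":
        environ["Profile"] = "telnet-users"
    # No match: "Profile" stays unset, so authorization fails closed.


def outgoing_script(request, response, environ):
    """Modify attributes returned in the response packet."""
    if response["code"] == "Access-Accept":
        response["attributes"].setdefault("Session-Timeout", 3600)


SCRIPTS = {"select_profile": select_profile}


def process(request):
    """Authenticate, run the group script, attach the chosen profile,
    then run the outgoing script on whatever response results."""
    environ = {}
    response = {"code": "Access-Reject", "attributes": {}}
    user = USERS.get(request.get("User-Name"))
    supplied = request.get("User-Password", "").encode()
    # The model compares plaintext; real RADIUS obfuscates User-Password.
    if user and hmac.compare_digest(user["password"].encode(), supplied):
        SCRIPTS[GROUPS[user["group"]]["script"]](request, environ)
        profile = PROFILES.get(environ.get("Profile"))
        if profile is not None:
            response = {"code": "Access-Accept", "attributes": dict(profile)}
    outgoing_script(request, response, environ)
    return response
```
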

Services

Cisco Access Registrar uses Services to let you determine how authentication, authorization, and/or accounting are performed.

Cisco Access Registrar 3.5 Concepts and Reference Guide

OL-2683-02

 

 

