Cisco Systems 3.5 manual Session Management Using Resource Managers

Page 21

Chapter 2 Understanding Cisco Access Registrar

Cisco Access Registrar Hierarchy

For example, to use Services for authentication:

When you want the authentication to be performed by the Cisco Access Registrar RADIUS server, you can specify the local service. In this, case you must specify a specific UserList.

When you want the authentication performed by another server, which may run an independent application on the same or different host than your RADIUS server, you can specify either a radius, ldap, or tacacs-udpservice. In this case, you must list these servers by name.

When you have specified more than one authentication service, Cisco Access Registrar determines which one to use for a particular Access-Request by checking the following:

When an incoming script has set the Environment dictionary variable Authentication-Servicewith the name of a Service, Cisco Access Registrar uses that service.

Otherwise, Cisco Access Registrar uses the default authentication service. The default authentication service is a property of the Radius object.

Cisco Access Registrar chooses the authentication service based on the variable Authentication-Service, or the default. The properties of that Service, specify many of the details of that authentication service, such as, the specific user list to use or the specific application (possibly remote) to use in the authentication process.

For more information about Services, refer to Access Registrar Server Objects in the Cisco Access Registrar User’s Guide.

Session Management Using Resource Managers

Cisco Access Registrar lets you track user sessions, and/or allocate dynamic resources to users for the lifetime of their session. You can define one or more Session Managers, and have each one manage the sessions for a particular group or company.

Session Managers use Resource Managers, which in turn manage resources of a particular type as described below.

IP-Dynamic—manages a pool of IP addresses and allows you to dynamically allocate IP addresses from that pool

IP-Per-NAS-Port—allows you to associate ports to specific IP addresses, and thus ensure each NAS port always gets the same IP address

IPX-Dynamic—manages a pool of IPX network addresses

Group-Session-Limit—manages concurrent sessions for a group of users; that is, it keeps track of how many sessions are active and denies new sessions once the configured limit has been reached

User-Session-Limit—manages per-user concurrent sessions; that is, it keeps track of how many sessions each user has and denies the user a new session once the configured limit has been reached

USR-VPN—manages Virtual Private Networks (VPNs) that use USR NAS Clients.

For more information about Session Managers, refer to Access Registrar Server Objects in the Cisco Access Registrar User’s Guide.

If necessary, you can create a complex relationship between the Session Managers and the Resource Managers.

When you need to share a resource among Session Managers, you can create multiple Session Managers that refer to the same Resource Manager. For example, if one pool of IP addresses is shared by two departments, but each department has a separate policy about how many users can be logged in

Cisco Access Registrar 3.5 Concepts and Reference Guide

 

OL-2683-02

2-3

 

 

 

Page 20 Page 22
Image 21
Page 20 Page 22
Contents Corporate Headquarters Cisco Access Registrar 3.5 Concepts and Reference GuideCisco Access Registrar 3.5 Concepts and Reference Guide Iii N T E N T SSession-Service Service Step and Radius-Session Service Replication’s Impact on Request Processing IPAddress Port Understanding Snmp Vii Accounting Start Data FlowViii World Wide Web Obtaining DocumentationOrdering Documentation Obtaining Technical AssistanceDocumentation Feedback Cisco.comContacting TAC by Using the Cisco TAC Website Technical Assistance CenterContacting TAC by Telephone Xii Radius Protocol OverviewPacket Exchange Between User, NAS, and Radius Steps to ConnectionTypes of Radius Messages Packet ContentsAttribute Dictionary Proxy ServersProxying to an Ldap Server for Authentication Basic Authentication and AuthorizationOverview Basic Authentication and Authorization Cisco Access Registrar Hierarchy Understanding Cisco Access RegistrarUserLists and Groups ServicesProfiles ScriptsSession Management Using Resource Managers Cisco AR Directory Structure Program FlowSubdirectory Description Client or NAS Scripting Points Scripting PointsCisco AR Server Action Explanation Action ExplanationRadius/Advanced/RequireNASsBehindProxyBeInClie Authentication and/or Authorization Scripting PointsFailover by the NAS and Session Management Session ManagementAuthentication/Authorization Scripts Script Processing HierarchyIncoming Scripts Cross Server Session and Resource Management OverviewOutgoing Scripts Configuring a Front Line Cisco Access Registrar Session-Service Service Step and Radius-Session ServiceConfigure Central AR OL-2683-02 Using Cisco AR Scripts ACMEOutgoingScriptAltigaIncomingScript AltigaOutgoingScript AuthorizeServiceANAAAOutgoing AscendIncomingScriptCabletronIncoming AuthorizeTelnetCabletronOutgoing CiscoIncomingExecDNISRule ExecTimeRuleExecFilterRule ExecNASIPRuleMapSourceIPAddress LDAPOutageParseAAARealm ParseAAASRealmParseServiceAndAAASRealmHints ParseServiceAndAAARealmHintsParseServiceAndAARealmHints ParseServiceAndAASRealmHintsParseTranslationGroupsByCLID ParseServiceHintsParseTranslationGroupsByDNIS ParseTranslationGroupsByRealmUSROutgoingScript Replication Overview Understanding ReplicationHow Replication Works Replication Data FlowMaster Server Replication Archive SecurityEnsuring Data Integrity Slave ServerTransaction Data Verification Transaction OrderAutomatic Resynchronization Understanding Hot-Configuration Replication Configuration SettingsFull Resynchronization Replication’s Impact on Request ProcessingRepTransactionSyncInterval RepTypeRepTransactionArchiveLimit MasterRepPort RepIPAddressRepSecret RepIPMasterRep Members/Slave1 Rep Members SubdirectoryName IPAddressSupported MIBs OverviewRADIUS-AUTH-SERVER-MIB Snmp TrapsCarServerStart Supported TrapsCarServerStop CarInputQueueFullCarOtherAuthServerNotResponding CarOtherAuthServerRespondingCarOtherAccServerNotResponding CarOtherAccServerResponding Configuring TrapsCarAccountingLoggingFailure Directories SearchedSwitching Configuration Files in Mid-File Configuration File TypesCommunity String OL-2683-02 Prepaid Billing Solution Measurements and Component Actions Configuring Prepaid Billing Call Flow Details Generic Call FlowAttribute Number Attribute Name Description Access-Request AuthenticationAccess-Accept Authentication Access-Request AuthorizationAccess-Accept Authorization Accounting Start Data FlowAttribute Number Attribute Name Accept-Accept Quota Depleted Access-Request Quota DepletedAccounting Response Final Status Accounting Stop Session EndSource VSA Name Type Call Flow Description Vendor-Specific AttributesTotal Volume quota received by Crbprivate GL-1 O S S a R YGL-2 Scalable wholesale access/open access solutionGL-3 GL-4 GL-5 GL-6 GL-7 GL-8 GL-9 GL-10 IN-1 RadiusIN-2 RFCIN-3 IN-4
Related manuals
Manual 180 pages 47.88 Kb

3.5 specifications

Cisco Systems 3.5 is an advanced version of Cisco's renowned networking and security solutions. This iteration showcases significant enhancements in performance, scalability, and security, making it a preferred choice for enterprises aiming to optimize their network operations and bolster their cybersecurity posture.

One of the main features of Cisco Systems 3.5 is its enhanced network automation capabilities. Automation streamlines network management, allowing organizations to apply consistent policies across their infrastructure while minimizing human error. This version employs advanced algorithms and machine learning to predict and rectify network issues proactively. With automation tools, network administrators can configure, monitor, and troubleshoot their networks with unprecedented efficiency.

Another notable characteristic of Cisco Systems 3.5 is its integration of artificial intelligence and machine learning into networking processes. The incorporation of AI enhances decision-making by analyzing vast amounts of network data, identifying patterns, and offering insights that help ensure optimal performance. This predictive analytics capability allows organizations to predict potential disruptions before they impact operations.

Security is a major focus in Cisco Systems 3.5. The platform introduces advanced threat detection and response systems that utilize deep learning to identify and mitigate emerging threats in real-time. Enhanced encryption protocols ensure that data transmitted over the network remains secure, protecting sensitive information from cyber threats. The integrated security features ensure compliance with various regulatory standards, a crucial requirement for businesses across multiple sectors.

The platforms' support for Software-Defined Networking (SDN) allows for dynamic resource allocation and traffic management. This flexibility enables organizations to adjust their network resources quickly in response to changing demands, leading to improved efficiency and reduced operational costs. Cisco Systems 3.5 also supports multicloud environments, facilitating seamless integration with cloud services such as AWS, Google Cloud, and Microsoft Azure.

Moreover, Cisco Systems 3.5 offers robust telemetry features, providing detailed real-time insights into network performance and health. This data-driven approach allows organizations to make informed decisions regarding capacity planning and resource optimization.

In summary, Cisco Systems 3.5 combines cutting-edge technologies such as AI, machine learning, and SDN to deliver a comprehensive networking solution. With its focus on automation, enhanced security, and multicloud support, this version is well-suited for modern enterprises looking to enhance their network infrastructure and security measures. As organizations continue to evolve in a digital-centric world, Cisco Systems 3.5 stands out as a critical tool to achieve connectivity and security goals effectively.
Top Page Image Contents