Selecting Ports to Use, Checking the Server’s Health

Chapter 4 Configuring Cisco Access Registrar 4.2

Configuring a Basic Site

Checking the System-Level Defaults

Because this site does not use incoming or outgoing scripts, you do not need to change the scripts’ properties (IncomingScript and OutgoingScript).

Since the default authentication and authorization properties specify a single user list, you can leave these unchanged as well (DefaultAuthenticationService and DefaultAuthorizationService). And because you have decided to use a file for accounting information, you can leave this property unchanged (DefaultAccountingService).

Session management, however, is on by default (DefaultSessionManager). As you do not want to use session management, you must disable it. Use the set command, enter DefaultSessionManager, then specify an empty string by entering a set of double quotes:

set DefaultSessionManager ""

Note When you do not want Cisco AR to monitor resources for user sessions, you should disable session management because using it affects your RADIUS server performance.

You have now configured some of the properties for the RADIUS server. The next step is to add users.

Checking the Server’s Health

To check the server’s health, use the aregcmd command status. The following issues decrement the server’s health:

•Rejection of an Access-Request

Note One of the parameters in the calculation of the Cisco AR server’s health is the percentage of responses to Access-Accepts that are rejections. In a healthy environment, the rejection percentage will be fairly low. An extremely high percentage of rejections could be an indication of a Denial of Service attack.

•Configuration errors

•Running out of memory

•Errors reading from the network

•Dropping packets that cannot be read (because the server ran out of memory)

•Errors writing to the network.

Cisco AR logs all of these conditions. Sending a successful response to any packet increments the server’s health.