Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 35 Configuring AAA Servers and the Local Database
Configuring AAA
Step 4 reactivation-mode {depletion [deadtime minutes] | timed}
Example:
hostname(config-aaa-server-group)# reactivation-mode depletion deadtime 20
Specifies the method (reactivation policy) by which failed servers in a group are reactivated.
The depletion keyword reactivates failed servers only after all of the servers in the group are inactive.
The deadtime minutes keyword-argument pair specifies the amount of time in minutes, between 0 and 1440, that elapses between the disabling of the last server in the group and the subsequent reenabling of all servers. The default is 10 minutes.
The timed keyword reactivates failed servers after 30 seconds of down time.
Step 5 accounting-mode simultaneous
Example:
hostname(config-aaa-server-group)# accounting-mode simultaneous
Sends accounting messages to all servers in the group (RADIUS or TACACS+ only).
To restore the default of sending messages only to the active server, enter the accounting-mode single command.
Step 6 aaa-server server_group [interface_name] host server_ip
Example:
hostname(config)# aaa-server servergroup1 outside host 10.10.1.1
Identifies the server and the AAA server group to which it belongs.
When you enter the aaa-server host command, you enter aaa-server host configuration mode. As needed, use host configuration mode commands to further configure the AAA server.
The commands in host configuration mode do not apply to all AAA server types. Table 35-2 lists the available commands, the server types to which they apply, and whether or not a new AAA server definition has a default value for that command. Where a command is applicable to the specified server type and no default value is provided (indicated by “—”), use the command to specify the value.
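The rule above can be checked against a saved configuration. This added Python example, which is not part of the Cisco guide, resolves each host's effective value from the Table 35-2 rows shown on this page and lists applicable commands that have no default and were never set. It assumes the group's server type is declared with an aaa-server server_group protocol line and that host mode commands appear indented under their aaa-server host line; the sample configuration is constructed.

```python
import re

# Rows of Table 35-2 shown on this page; None stands for the table's "—" (no default).
TABLE_35_2 = {
    "accounting-port": {"radius": "1646"},
    "acl-netmask-convert": {"radius": "standard"},
    "authentication-port": {"radius": "1645"},
    "kerberos-realm": {"kerberos": None},
    "key": {"radius": None, "tacacs+": None},
    "ldap-attribute-map": {"ldap": None},
    "ldap-base-dn": {"ldap": None},
    "ldap-login-dn": {"ldap": None},
}
PROTO = re.compile(r"^aaa-server (\S+) protocol (\S+)$")
HOST = re.compile(r"^aaa-server (\S+)(?: \(?[^\s()]+\)?)? host (\S+)$")  # interface optional

# Constructed sample configuration, not taken from a real device.
SAMPLE = """aaa-server servergroup1 protocol radius
 accounting-mode simultaneous
aaa-server servergroup1 outside host 10.10.1.1
 authentication-port 1812
aaa-server ldapgroup protocol ldap
aaa-server ldapgroup (inside) host 10.10.2.5
 ldap-base-dn dc=example,dc=com"""

def audit(config):
    """Return {(group, host): {"effective": {...}, "unset": [...]}}."""
    protocols, hosts, current = {}, {}, None
    for raw in filter(str.strip, config.splitlines()):
        line = raw.strip()
        if not raw[0].isspace():  # top-level command leaves host mode
            current = None
            if m := PROTO.match(line):
                protocols[m.group(1)] = m.group(2).lower()
            elif m := HOST.match(line):
                current = hosts.setdefault((m.group(1), m.group(2)), {})
        elif current is not None:  # indented line: host configuration mode
            cmd, _, value = line.partition(" ")
            current[cmd] = value
    report = {}
    for (group, ip), explicit in hosts.items():
        proto = protocols.get(group)  # only commands for this server type apply
        applicable = {c: explicit.get(c, t[proto])
                      for c, t in TABLE_35_2.items() if proto in t}
        report[(group, ip)] = {
            "effective": {c: v for c, v in applicable.items() if v is not None},
            "unset": [c for c, v in applicable.items() if v is None],  # "—", never set
        }
    return report
```

For the sample, audit(SAMPLE) reports key as unset on the RADIUS host and ldap-attribute-map and ldap-login-dn as unset on the LDAP host.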
Table 35-2 Host Mode Commands, Server Types, and Defaults

Command               Applicable AAA Server Types   Default Value   Description
accounting-port       RADIUS                        1646
acl-netmask-convert   RADIUS                        standard
authentication-port   RADIUS                        1645
kerberos-realm        Kerberos                      —
key                   RADIUS                        —
                      TACACS+                       —
ldap-attribute-map    LDAP                          —
ldap-base-dn          LDAP                          —
ldap-login-dn         LDAP                          —