-
Cisco Access Registrar User Guide
-
Index
-
About This Guide
-
Overview
-
Using the aregcmd Commands
-
Using the Graphical User Interface
-
Cisco Access Registrar Server Objects
-
Using the radclient Command
-
Configuring Local Authentication and Authorization
-
RADIUS Accounting
-
Extensible Authentication Protocols
-
Using Extension Points
-
Using Replication
-
Using On-Demand Address Pools
-
Using Identity Caching
-
Using Trusted ID Authorization with SESM
-
Using Prepaid Billing
-
Using Cisco Access Registrar Features
-
Using the Policy Engine
-
Wireless Support
-
Using LDAP
-
Using Open Database Connectivity
-
Using SNMP
-
Backing Up the Database
-
Using the REX Accounting Script
-
Logging syslog Messages
-
Troubleshooting Cisco Access Registrar
-
Cisco Access Registrar Tcl and REX Dictionaries
-
Environment Dictionary
-
RADIUS Attributes
-
Glossary
-
Cisco Access Registrar User Guide
-
Table Of Contents
A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - Q - R - S - T - U - V - W - X -
Index
A
AAAFileServiceSyncInterval 4-43
AcceptAll 4-9, 4-11, 4-13, 4-14, 4-15, 4-16, 4-22
Accepted-Profiles B-1
Access-Challenge 1-11
Access Registrar
backups 21-1
definition 1-1
dictionaries 9-1
internal database 21-1
server 4-2
Access-Reject B-8
Accounting 7-1
attributes 1-13
database 1-1
definition 1-1
log file 4-11
MaxFileAge 7-2
MaxFileAge format 7-4
MaxFileSize 7-2
MaxFileSize format 7-3
RolloverSchedule 7-2
setting up 7-1
Start 7-1
Stop 7-1
Accounting log 3-22
Accounting records 14-10
Accounting-Service B-2
ACKaccounting 4-41
Acquire-Dynamic-DNS B-2
Acquire-Home-Agent B-2
Add Administrator page 3-6
Adding administrators 3-6
Adding AV pairs 3-16
Adding clients 3-8
Adding profiles 3-11
Adding users 3-15
addProfile method A-2
Administrator properties 3-6
AdvancedDuplicateDetectionMemoryInterval 4-44, 4-46
AltigaOutgoingScript 9-7
ANAAAOutgoing 9-7
aregcmd
Access Registrar command 2-1
command performance 2-3
commands 2-4
add 2-4
cd 2-4
delete 2-5
exit 2-5
filter 2-5
find 2-5
help 2-6
insert 2-6
login 2-6
logout 2-6
ls 2-7
next 2-7
prev 2-7
pwd 2-8
query-sessions 2-8
quit 2-8
release-sessions 2-8
reload 2-9
save 2-9
set 2-10
start 2-11
stats 2-11
status 2-12
stop 2-12
trace 2-13
unset 2-14
validate 2-14
definition 2-1
error codes 2-16
save 6-3
session management commands 4-23
syntax 2-1
aregcmd CLI log 3-23
ARIsCaseInsensitive 4-44
AscendIncomingScript 9-7
AscendOutgoingScript 9-7
Attribute Dictionary 1-13, 4-49, A-1
methods A-1
put method A-2
alphabetical list C-2
check item 15-21
numeric list C-5
AttributesToBeCached 12-5
Authentication-Service 1-6
Authorization
definition 1-1
Authorization-Service 1-6
B
BackingStore-Env-Vars B-3
Backups 21-1
BindName 4-36
BindPassword 4-36
Broadcast-Accounting-Packet B-4
C
CabletronOutgoing 9-8
Cache-Attributes-In-Session B-4
Callback-Number 1-13
callsPerSecond 5-10
Case insensitive commands
cd command 2-1
CertificateDBPath 4-43
change directory command
Change of Authorization (CoA) 15-27
CHAP
Access Request packet 5-2
CHAP_ PASSWORD
attribute type 4-50
Check item attributes 15-21
CiscoIncoming 9-8
CiscoOutgoing 9-8
Cisco Subscriber Edge Services Manager 13-1
CiscoWithODAPIncomingScript 9-8, 11-1, 11-3
clear method A-2
Client/server model 1-11
Client-Behind-the-Proxy 9-2
Client properties 3-8
Clients
adding 3-8
list 4-46
required attributes 3-8
CoA requests 15-27
Commands
eap-trace 8-23
tunnel 8-23
ConfigurationError reply message 4-49
Configuration Objects 2-3
Configure page 3-4
Configuring
check item attributes 15-22
LDAP RemoteServer 18-2
local service 6-2
ODBC RemoteServer 19-3
Configuring clients 3-7
Configuring CoA requests 15-27
Configuring profiles 3-10
Configuring rules 16-2
containsKey method A-2
CRB-Prepaid billing
with SSG 14-14
D
Database
Access Registrar backups 21-1
MCD 6-3
DefaultAccountingService 4-3
DefaultAuthenticationService 1-3, 4-2
DefaultAuthorizationService 4-3
DefaultReturnedSubnetSizeIfNoMatch 4-44
DefaultSessionManager 4-3
DefaultSessionService 4-3
Destination-IP-Address B-4
Destination-port B-4
Dictionaries
Types of 9-1
Dictionary
attribute 4-45
Disable-Accounting-On-Off-Broadcast B-4
DNSLookupAndLDAPRebindInterval 18-5
DropPacket. 4-9, 4-11, 4-13, 4-14, 4-15, 4-16, 4-22
Dynamic-DNS-HostName B-4
Dynamic-Search-Filter B-4
E
authentication mechanism 8-1
fatal error packet handling 4-47
SilentDiscard 4-47
EAP-Actual-Identity B-5
EAP authentication 8-1
EAP-Authentication-Mode B-5
EapBadMessagePolicy 4-47
EAP-LEAP 8-13
EAP-MD5 8-14
EAP-MSChapv2 8-16
EAP response messages 4-47
EAP-SIM 8-20
EAP-SIM authentication 8-20
eap-trace command 8-23
EAP-Transport Level Security 8-18
Easysoft Open Source 19-6
Editting
users 3-16
Editting administrators 3-6
Editting clients 3-10
Editting profiles 3-13
Empty string 2-1
EntryPoint 4-22
ENUM
attribute type 4-50
Environment Dictionary 1-3, 1-6, 9-1, 9-3
Environment Dictionary script 9-4
Environment variable
Accounting-Service B-2
Acquire-Group-Session-Limit B-2
Acquire-IP-Dynamic B-2
Acquire-IP-Per-NAS-Port B-2
Acquire-IPX-Dynamic B-2
Acquire-Subnet-Dynamic B-3
Acquire-User-Session-Limit B-3
Acquire-USR-VPN B-3
Allow-Null-Password B-3
Authentication-Service B-3
Authorization-Service B-3
Current-Group-Count B-4
Dynamic-Search-Path B-5
Group-Session-Limit B-5
Ignore-Accounting-Signature B-5
Incoming-Translation-Groups B-5
Misc-Log-Msg-Info B-5
Reject-Reason B-6
Remote-Server B-6
Request-Authenticator B-6
Request-Type B-7
Require-User-To-Be-In-Authorization-List B-7
Response-Type B-8
Session-Key B-8
Session-Manager B-8
Session-Service B-8
Source-IP-Address B-9
Trace-Level B-9
Unavailable-Resource B-9
Unavailable-Resource-Type B-9
User Authorization-Script B-10
User-Group B-10
User-Group-Session-Limit B-10
User-Name B-10
User-Profile B-10
User-Session-Limit B-10
Error codes
aregcmd 2-16
ExecCLIDRule 16-15
ExecDNISRule 16-15
ExecNASIPRule 16-15
ExecRealmRule 16-14
Extensible Authentiction Protocols 8-1
Extension points 9-2
F
Failover policy 4-14, 4-15, 4-16, 8-21
Fatal error packet 4-47
Filename 4-22
Filter 4-37
firstKey method A-2
Framed-IP-Address 1-13
Framed Protocol 1-13
FramedRouting 4-30
G
Gateway
Description 4-27
IPAddress 4-27
LocationID 4-27
Name 4-27
SharedSecret 4-27
TunnelRefresh 4-27
Gateways 4-30
get method A-2
Grouping property 16-1
Group service 14-5, 14-11, 14-13
Group-Session-Limit Resource Manager 1-3, 4-26
GUI
administrators page 3-5
configure page 3-4
launching 3-1
logging in 3-3
log out 3-4
overview page 3-4
top-level 3-4
H
HiddenAttributes 4-4
HostName 4-36
Hot configuration 10-5
Hot-lining 15-27
I
Identifier 4-30
IncomingScript 1-5, 3-9, 4-2, 4-6, 4-7, 4-41
IncomingScriptFailed reply message 4-49
IncomingScript RejectedRequest reply message 4-49
InitEntryPointArgs 4-22
InitialBackgroundTimerSleepTime 4-43
InitialTimeout 4-41
Input queue
high threshold 20-3
Interfaces properties 4-1
InternalError reply message 4-48
IPADDR
attribute type 4-50
IP-Dynamic Resource Manager 1-3, 4-26
IP-Per-NAS-Port Resource Manager 1-3, 4-26
IPX-Dynamic Resource Manager 1-3, 4-26
isEmpty method A-2
J
Java service 4-13
JavaVMOptions 4-44
L
LDAP 18-1
hostname 18-3
MultipleServersPolicy 18-2
protocol 4-36
RemoteServers 4-33
ldap
BindName 4-36
BindPassword 4-36
Filter 4-37
HostName 4-36
LDAPToEnvironmentMappings 4-38
LDAPToRadiusMappings 4-38
LimitOutstandingRequests 4-37
MaxOutstandingRequests 4-37
MaxReferrals 4-37
PasswordEncryptionStyle 4-37
ReferralAttribute 4-37
ReferralFilter 4-37
SearchPath 4-37
UserPasswordAttribute 4-37
UseSSL 4-38
LDAP Rebind 18-4
failures 18-5
LDAP RemoteServer 18-2
LDAP server 1-14
LDAP service 18-1
LDAPToCheckItemMappings 4-38, 18-6
LDAPToEnvironmentMappings 4-38, 18-6
LDAPToRadiusMappings 4-38, 18-5
LEAP 8-13
Lightweight Directory Access Protocol 18-1
LimitOutstandingRequests 4-37
Listing users 3-14
UserList type 4-3
localhost 5-7
Local Service 6-2
local service 4-3
Locating clients 3-7
LogFileCount 4-43
Log files 24-3
file system 7-3
managing 7-3
LogFileSize 4-43
Logging in 2-6
GUI 3-4
Logging out 2-6
login command 2-6
Login page 3-3
log method A-2
LogServerActivity 4-42
M
Malformed Request reply message 4-48
Mapping XML attributes 12-5
MapSourceIPAddress 9-10
Maximum NumberOf RadiusPackets 4-42
MaximumODBCResultSize 4-44
MaxOutstandingRequests 4-37
MaxReferrals 4-37
MaxTries 4-41
MCD 21-1
mcdcd.d01-d03 21-2
mcdConfig.txt 21-2
MCD database 6-3
mcddb.dbd 21-2
mcddb.k01-k03 21-2
mcdshadow 21-1
Measurements
prepaid billing 14-6
Message logging (Linux) 23-3
Message logging (Solaris) 23-2
MinimumSocketBufferSize 4-43
Mobile Node-Home Agent 17-1
Monitor page 3-17
MPLS 11-1
MultipleServersPolicy 4-14, 4-15, 4-16, 18-2, 19-3
MVA
radclient 5-5
N
NAS IP Address 4-49
NAS-IP-Address 1-13
NAS-Port 1-13
NAS-Vendor-Behind-the-Proxy 9-2
Neighbor 4-30
nextKey method A-2
O
ODAP
accounting service 11-7
address ranges 11-2
AllowNullPassword property 11-6
CiscoIncomingScript 11-3
configuration summary 11-4
configuring 11-4
configuring clients 11-15
configuring Session Managers 11-13
detailed configuration 11-5
on-demand address pool 11-1
Resource Managers 11-9
service 11-6
Session Managers 11-8
userlist 11-5
users 11-5
vendor type 11-4
ODBC.ini file 19-2
ODBC RemoteServer 19-3
ODBC service 19-2
ODBCToEnvironmentMappings 19-6
ODBCToRadiusMappings 19-6
ORACLE_HOME 19-2
Oracle Driver
Easysoft Open Source 19-6
Oracle functions 19-5
order dependent commands
OS paging size 4-22
OutagePolicy 4-9, 4-11, 4-13, 4-14, 4-15, 4-16, 4-22
OutageScript 4-9, 4-11, 4-13, 4-14, 4-15, 4-16, 4-22
OutgoingScript 3-9, 4-2, 4-6, 4-7, 4-41
OutgoingScriptFailed 4-49
OutgoingScriptRejectedRequest 4-49
Outgoing scripts 1-2, 1-7, 1-12
Outgoing-Translation-Groups B-6
P
Packet buffering 7-8
Packet fields 1-13
packet-identifier 5-3
Packet of disconnect 15-23
Paging size
operating system 4-29
Paging size (operating system) 4-22
ParseTranslationGroupsByCLID 16-9, 16-18
ParseTranslationGroupsByDNIS 16-9, 16-17, 16-18
ParseTranslationGroupsByReal 16-17
ParseTranslationGroupsByRealm 16-9
Password
PasswordEncryptionStyle 4-37
PCO-Parse-Client-Outgoing 14-14
PEAP Version 0 8-24
PEAP Version 1 8-27
Performance
aregcmd 2-3
Policies
configuring 16-1
validation 16-3
Policy 16-1
Policy Engine 16-1
Policy engine
attribute translation 16-8
parsing translation groups 16-9
reducing overhead 16-13
time of day access restrictions 16-10
wildcard support 16-2
Port 8080 3-1
Ports 4-45
Ports properties 4-1
PPO-Parse-Prepaid-Outgoing 14-15
Prepaid
group service 14-5, 14-11, 14-13
Prepaid billing
measurements 14-6
Profile properties 3-12
Profiles
adding 3-11
editting 3-13
Protected EAP 8-1
Proxy server 1-14
put method A-2
Q
QueryKey 12-5
Query-Service B-6
Query Session Result page 3-26
query-sessions command 4-23
R
radclient
callsPerSecond 5-10
multivalued attributes 5-5
syntax 5-1
timetest 5-9
radclient commands 8-23
RADIUS
attribute name 5-5
attributes C-1
messages 1-12
packet type identifier 5-3
program flow 1-11
protocol 1-11
server 2-3, 2-6, 4-5, 5-3, 9-4
server test tool 5-1
ReactivateTimerInterval 4-33
Realm B-6
ReferralAttribute 4-37
ReferralFilter 4-37
RejectAll 4-9, 4-11, 4-13, 4-14, 4-15, 4-16, 4-22
Reject-Reason B-6
release-sessions command 4-23
RemoteLDAPServiceThreadTimerInterval 4-43
RemoteRadiusServerInterface 4-44
RemoteServer
ODBC-Accounting 4-39
prepaid-crb 4-40
Remote servers
RemoteServers objects 4-1
RemoteServer types 4-33
remove method A-3
RepIPMaster 10-7
Replication
archive 10-3
automatic resynchronization 10-4
configuration settings 10-6
data flow 10-2
data integrity 10-4
hot configuration 10-5
hot-standby 10-1
impact on request processing 10-5
RepIPAddress 10-7
RepTransactionArchiveLimit 10-2, 10-6
RepTransactionSyncInterval 10-2, 10-6
security 10-3
slaves 10-8
slave server 10-2
transaction order 10-4
transaction verification 10-4
Reply Messages 4-48
RepMasterIPAddress 10-8
RepMasterPort 10-8
RepPort 10-7
RepSecret 10-7
RepType 10-6
script 9-3
Request-Type Packets
Access-Accept B-7
Access-Challenge B-7
Access-Reject B-7
Access-Request B-7
Accounting-Request B-7
Accounting-Response B-7
Ascend-IPA-Allocate B-7
Ascend-IPA-Release B-7
Status-Client B-7
Status-Server B-7
USR-Enhanced-Radius B-7
USR-NAS-Reboot-Request B-7
USR-NAS-Reboot-Response B-7
USR-Resource-Free-Request B-7
USR-Resource-Free-Response B-7
USR-Resource-Query-Request B-7
USR-Resource-Query-Response B-7
RequireNASsBehindProxyBeInClientList 4-42, 4-46
Resource allocation
dynamic 1-3
ResourceManager
identity caching 12-4
Resource Managers 1-4, 4-26, 4-27
Group-Session-Limit 4-27
Home-Agent 4-27
IP-Dynamic 4-28
IP-Per-NAS-Port 4-28
IPX-Dynamic 4-28
subnet-dynamic 4-29
User-Session-Limit 4-30
USR-VPN 4-30
script 9-4
Response-Type B-8
Resynchronization
automatic 10-4
full 10-5
REX
scripts 4-7
REX attribute dictionary
getBytes method A-6
putBytes method A-8
REX environment dictionary
allocateMemory A-10
clear A-10
containsKey A-10
firstKey A-10
get A-10
isEmpty A-10
log A-10
nextKey A-10
put A-10
remove A-10
reschedule A-11
size A-11
trace A-11
rex service
EntryPoint 4-22
Filename 4-22
InitEntryPoint 4-22
InitEntryPointArgs 4-22
RFC
2866 7-1
RolloverSchedule 7-3
time format 7-4
RoundRobin policy 4-14, 4-15, 4-16, 8-21
Routing requests 16-4
based on CLID 16-6
based on DNIS 16-5
based on NASIP 16-6
based on realm 16-4
based on User-Name Prefix 16-7
RPC services 2-4
Rules 16-1
script and attribute requirements 16-3
standard scripts 16-14
S
Scripting point 9-1
NAS IncomingScript 9-4
Scripts 9-6
ACMEOutgoingScript 9-6
adding script definition 9-4
AltigaIncomingScript 9-6
ANAAAOutgoing 9-7
AuthorizePPP 9-7
AuthorizeService 9-7
AuthorizeSLIP 9-7
AuthorizeTelnet 9-8
choosing the type of script 9-3
determining goal 9-1
ExecCLIDRule 9-8
ExecDNISRule 9-9
ExecFilterRule 9-9
ExecRealmRule 9-9
extension points 9-2
ParseAAARealm 9-10
ParseAARealm 9-10
ParseAASRealm 9-10
ParseProxyHints 9-11
ParseServiceAndAAARealmHints 9-11
ParseServiceAndAAASRealmHints 9-11
ParseServiceAndAARealmHints 9-11
ParseServiceAndAASRealmHints 9-11
ParseServiceAndProxyHints 9-11
ParseServiceHints 9-12
ParseTranslationGroupsByCLID 9-12
ParseTranslationGroupsByDNIS 9-12
ParseTranslationGroupsByRealm 9-12
tParseAASRealm 9-10
tParseProxyHints 9-11
tParseServiceAndAAARealmHints 9-11
tParseServiceAndProxyHints 9-11
tParseServiceHints 9-12
types of 1-2
UseCLIDAsSessionKey 9-12
USROutgoingScript 9-13
writing 9-2
SearchPath 4-37
SelectPolicy 16-1
Server
master 10-1
primary 10-1
secondary 10-1
Server log 3-21
Server Trace Level 3-19
Services
file 4-11
ldap 4-15
proxy requests 4-33
radius 4-15
tacacs-udp 4-15
used for 1-3
services 4-9
Services objects 4-9
ServiceUnavailable reply message 4-48
SESM 13-1
SessionBackingStoreSynchronizationInterval 4-43
session-cache 4-28
Session List and Query page 3-25
Session Management
definition 1-1
types of 1-3
Session Managers 4-22
Session record size 4-22, 4-29
Setting attributes
Shadow backups 21-1
Shared key
MN-HA 17-1
Shared libraries A-1
definition 1-11
size method A-3
SLIP 1-13
configuration files 20-5, 20-6
traps 20-2
SNMP Configuration
community string 20-6
snmp.conf file 20-6
snmpd.conf file 20-6
SQLDefinition 19-4
SQL queries 19-5
SQLStatement 19-4
SQL syntax restrictions 19-5
SSG 13-1
stats command B-6
sticky commands 2-7
STRING
attribute type 4-50
syslog messages 23-1
T
tacacs-udp 4-33
Tcl attribute dictionary A-1, A-2
addProfile method A-2
clear method A-2
firstKey method A-2
get method A-2
isEmpty method A-2
log method A-2
nextKey method A-2
remove method A-3
size method A-3
trace method A-3
Tcl scripts 9-6
TerminationAction reply message 4-49
timetest 5-9
tMapSourceIPAddress 9-10
tParseAARealm 9-10
tParseServiceAndAAASRealmHints 9-11
tParseServiceAndAARealmHints 9-11
tParseServiceAndAASRealmHints 9-11
Trace Level page 3-18
Trace levels 3-19
trace method A-3
Trap configuration
directories searched 20-5
Traps
carAccountingLoggingFailure 20-5
carInputQueueFull 20-3
carInputQueueNotVeryFull 20-3
carOtherAccServerResponding 20-5
carOtherAuthServeNotrResponding 20-4
carOtherAuthServerResponding 20-4
carServerStart 20-3
carServerStop 20-3
configuring 20-5
supported 20-3
Trusted ID
configuration overview 13-2
Trusted Identity 13-1
tunnel command 8-23
TunnelRefresh 4-27
U
UDPPacketSize 4-42
UINT32
attribute type 4-50
UnableToAcquireResource reply message 4-48
UNDEFINED
attribute type 4-50
UNIX directories 1-1
UnknownUser reply message 4-48
use_challenge parameter 5-2
UseAdvancedDuplicateDetection 4-44, 4-46
UserDefined 4-4
UserGroups
check item attributes 15-22
UserList 1-2
check item attributes 15-22
UserLists page 3-13
UserNotEnabled reply message 4-48
User objects 1-2
UserPasswordAttribute 4-37
UserPasswordInvalid 4-48
User-Profile B-10
User profiles 1-2
Users
adding 3-15
editting 3-16
UserService 8-14
User-Session-Limit B-10
User-Session-Limit Resource Manager 4-26
User-session-limit Resource Manager 1-3
UseSSL 4-38
Using SESM with Cisco AR 13-1
USRIncomingScript 9-12
USRIncomingscript-ignoreAccountingSignature 9-12
USR-VPN
FramedRouting 4-30
Gateways 4-30
Identifier 4-30
Neighbor 4-30
USR-VPN Resource Manager 1-3, 4-26
V
valueAsInt 5-6
valueAsIPAddress 5-6
Variables
environment B-1
radclient 5-9
VENDOR_ SPECIFIC
attribute type 4-50
VendorID 4-50
Vendor specific attributes C-13
Ascend C-27
Cabletron C-36
Cisco C-39
Compatible C-41
Nomadix C-42
WISPr C-71
Vendor-specific attributes
ACC C-20
Altiga C-25
Bay Networks C-36
Vendor-specificattributes
Telebit C-48
VHG/PE router 11-1
VRFs 11-2
VSAs C-13
W
Windows 95 Registry 1-1
X
XML-Address-format-IPv4 12-5
XML-UserId-id_type-subscriber_id 12-5