User / maintenance manual for the Cisco Systems product 3.5
Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Cisco Access Registrar 3.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED.
iii Cisco Access Registrar 3.5 Concepts and Reference Guide OL-2683-02 CONTENTS About This Guide ix Obtaining Documentation ix World Wide Web ix Ordering Documentation x Documentation Feedback x Obtaining Technical Assistance x Cisco.
Contents iv Script Processing Hierarchy 2-8 Cross Server Session and Resource Management 2-9 Overview 2-9 Session-Service Service St.
Contents v ParseServiceAndAARealmHints 3-6 ParseServiceAndAASRealmHints 3-6 ParseServiceAndProxyHints 3-6 ParseServiceHints 3-7 Par.
Contents vi Rep Members Subdirectory 4-8 Rep Members/Slave1 4-8 Name 4-8 IPAddress 4-8 Port 4-8 CHAPTER 5 Understanding SNMP 5-1 Ov.
Contents vii Accounting Start 6-7 Data Flow 6-7 Access-Request (Quota Depleted) 6-8 Accept-Accept (Quota Depleted) 6-8 Accounting .
ix About This Guide: This document provides information to help you understand RADIUS concepts and to help you develop a better understanding of the Cisco Access Registrar 3.0 server.
x About This Guide: Ordering Documentation. Cisco documentation is available in the following ways: • Registered Cisco Direct Customers can order Cisco Product documentation from the Networking Products MarketPlace: http://www .
xi About This Guide, Obtaining Technical Assistance: Customers and partners can self-register on Cisco.
1-1 CHAPTER 1 Overview: The chapter provides an overview of the RADIUS server, including connection steps, RADIUS message types, and using Cisco Access Registrar as a proxy server.
1-2 Chapter 1 Overview, RADIUS Protocol: Figure 1-1 Packet Exchange Between User, NAS, and RADIUS. Cisco Access Registrar can also reject the packet if it needs to deny network access to the user.
1-3 Chapter 1 Overview, RADIUS Protocol: Step 8 Cisco Access Registrar formats the response based on the Response dictionary and sends it back to the client (NAS).
1-4 Chapter 1 Overview, RADIUS Protocol: The Attribute Dictionary. The Attribute dictionary contains a list of preconfigured authentication, authorization, and accounting attributes that can be part of a client’s or user’s configuration.
1-5 Chapter 1 Overview, Basic Authentication and Authorization: Figure 1-2 Proxying to an LDAP Server for Authentication. Basic A.
1-6 Chapter 1 Overview, Basic Authentication and Authorization: – Performs resource management for each Resource Manager in the Session Manager.
2-1 CHAPTER 2 Understanding Cisco Access Registrar: This chapter describes the Cisco Access Registrar object structure, and explains when Cisco Access Registrar references each of these objects during the processing of client requests.
2-2 Chapter 2 Understanding Cisco Access Registrar, Cisco Access Registrar Hierarchy: UserLists and Groups. Cisco Access Registrar lets you organize your user community through the configuration objects UserLists, users, and UserGroups.
2-3 Chapter 2 Understanding Cisco Access Registrar, Cisco Access Registrar Hierarchy: For example, to use Services for authentication: • When you want the authentication to be performed by the Cisco Access Registrar RADIUS server, you can specify the local service.
2-4 Chapter 2 Understanding Cisco Access Registrar, Cisco AR Directory Structure: concurrently, you might create two Session Managers and three Resource Managers.
2-5 Chapter 2 Understanding Cisco Access Registrar, Program Flow: Scripting Points. Cisco Access Registrar lets you invoke scripts you can use to affect the Request, Response, or Environment dictionaries.
2-6 Chapter 2 Understanding Cisco Access Registrar, Program Flow: Authentication and/or Authorization Scripting Points. Table 2-4 shows the location of the scripting points within the section that determines whether to perform authentication and/or authorization.
2-7 Chapter 2 Understanding Cisco Access Registrar, Program Flow: Session Management. The Session Management feature requires the client (NAS or proxy) to send all RADIUS accounting requests to the Cisco Access Registrar server performing session management.
2-8 Chapter 2 Understanding Cisco Access Registrar, Program Flow: • The secondary server will not know about the current active sessions that are maintained on the primary server.
2-9 Chapter 2 Understanding Cisco Access Registrar, Cross Server Session and Resource Management: Table 2-8 Cisco Access Registrar Processing Hierarchy for Outgoing Scripts. Cross Server Session and Resource Management. Prior to Cisco AR1.
2-10 Chapter 2 Understanding Cisco Access Registrar, Cross Server Session and Resource Management: When the front line Cisco AR server receives the access-request, it does the regular AA processing.
2-11 Chapter 2 Understanding Cisco Access Registrar, Cross Server Session and Resource Management: IncomingScript = OutgoingScript = OutagePolicy = RejectAll OutageScript = MultipleServersPolicy = Failover RemoteServers/ 1.
3-1 CHAPTER 3 Cisco Access Registrar Scripts: This chapter describes the scripts provided with Cisco Access Registrar. Using Cisco AR Scripts. The Cisco Access Registrar scripts are stored in /localhost/Radius/Scripts.
3-2 Chapter 3 Cisco Access Registrar Scripts, Using Cisco AR Scripts: AltigaOutgoingScript. AltigaOutgoingScript maps Altiga attributes from Cisco Access Registrar’s global attribute space to the appropriate Altiga-proprietary attributes.
3-3 Chapter 3 Cisco Access Registrar Scripts, Using Cisco AR Scripts: AuthorizeTelnet. AuthorizeTelnet is referenced from either the u.
3-4 Chapter 3 Cisco Access Registrar Scripts, Using Cisco AR Scripts: ExecDNISRule. ExecDNISRule is referenced from the policy engine to determine the authentication and authorization service and policy based on the DNIS set in the policy engine.
3-5 Chapter 3 Cisco Access Registrar Scripts, Using Cisco AR Scripts: LDAPOutage. LDAPOutage is referenced from LDAP Services as OutageScript. LDAPOutage logs when the LDAP binding is lost.
3-6 Chapter 3 Cisco Access Registrar Scripts, Using Cisco AR Scripts: ParseProxyHints. ParseProxyHints is referenced from the NAS IncomingScript scripting point.
3-7 Chapter 3 Cisco Access Registrar Scripts, Using Cisco AR Scripts: ParseServiceHints. ParseServiceHints is referenced from the NAS IncomingScript scripting point. Check to see if we are given a hint of the service type or the realm.
3-8 Chapter 3 Cisco Access Registrar Scripts, Using Cisco AR Scripts: USROutgoingScript. USROutgoingScript maps USR attributes from Cisco Access Registrar’s global attribute space to the appropriate USR-proprietary attributes.
4-1 CHAPTER 4 Understanding Replication: This chapter describes Cisco Access Registrar's configuration replication features, functions, limitations and operation.
4-2 Chapter 4 Understanding Replication, How Replication Works: When there is a configuration change, the master server propagates the change set to all member servers over the network.
4-3 Chapter 4 Understanding Replication, How Replication Works: Slave Server. Step 1 When the slave server receives the transaction, its contents are verified.
4-4 Chapter 4 Understanding Replication, How Replication Works: Transaction Data Verification. When the master prepares a transaction.
4-5 Chapter 4 Understanding Replication, Replication Configuration Settings: Full Resynchronization. Full Resynchronization means that the slave has missed more transactions than are stored in the master's replication archive and cannot be resynchronized automatically.
4-6 Chapter 4 Understanding Replication, Replication Configuration Settings: RepType. RepType indicates the type of replication. The choices available are SMDBR and NONE. When RepType is set to NONE, replication is disabled.
4-7 Chapter 4 Understanding Replication, Replication Configuration Settings: If the slave should go down or otherwise be taken of .
4-8 Chapter 4 Understanding Replication, Replication Configuration Settings: Rep Members Subdirectory. The Rep Members subdirectory contains the list of slaves to which the master will replicate transactions.
5-1 CHAPTER 5 Understanding SNMP: This chapter provides information about Cisco Access Registrar support for SNMP. Overview. Cisco Access Registrar 3.0 provides SNMP MIB and trap support for users of network management systems.
5-2 Chapter 5 Understanding SNMP, SNMP Traps: RADIUS-AUTH-SERVER-MIB. The RADIUS-AUTH-SERVER-MIB describes the server side of the RADIUS authentication protocol. The information contained in this MIB describes managed objects used for managing a RADIUS authentication server.
5-3 Chapter 5 Understanding SNMP, SNMP Traps: Supported Traps. The traps supported by Cisco Access Registrar enable Cisco AR to notify interested management stations of events, failure, or impending failure conditions.
5-4 Chapter 5 Understanding SNMP, SNMP Traps: carOtherAuthServerNotResponding. carOtherAuthServerNotResponding indicates that an authentication server is not responding to a request sent from this server.
5-5 Chapter 5 Understanding SNMP, SNMP Traps: carOtherAccServerResponding. carOtherAccServerResponding signifies that an accounting server that had previously sent a not responding message is now responding to requests from the Cisco AR server.
5-6 Chapter 5 Understanding SNMP, SNMP Traps: These files are optional and are only used to configure the extensible portions of the agent, the values of the community strings, and the optional trap destinations.
5-7 Chapter 5 Understanding SNMP, SNMP Traps: Community String. A community string is used to authenticate the trap message sender (SNMP agent) to the trap recipient (SNMP management station).
6-1 CHAPTER 6 Prepaid Billing Solution: This chapter describes the generic call flow between the three components required to support a prepaid billing solution using the RADIUS protocol: the AAA client, the Cisco Access Registrar 3.
6-2 Chapter 6 Prepaid Billing Solution, Overview: Cisco AR 3.5 provides maximum flexibility to billing servers by allowing the metering variable to be modified as the service is used.
6-3 Chapter 6 Prepaid Billing Solution, Configuring Prepaid Billing: Cisco AR 3.
6-4 Chapter 6 Prepaid Billing Solution, Generic Call Flow: Figure 6-1 Generic Call Flow Diagram. Generic Call Flow. This section describes the generic call flow for the Cisco AR 3.5 prepaid billing solution.
6-5 Chapter 6 Prepaid Billing Solution, Generic Call Flow: Note: In the following attribute tables, entries beginning with APPL indicate application-specific attributes. Another application might use the field for a different purpose or ignore the field.
6-6 Chapter 6 Prepaid Billing Solution, Generic Call Flow: Access-Accept (Authentication). Flow 2b shows the billing server returning the authentication result. The billing server returns a failure if the prepaid subscriber has an inadequate balance.
6-7 Chapter 6 Prepaid Billing Solution, Generic Call Flow: In Flow 4s, the Cisco AR 3.5 server converts the quota array received into VSAs and sends an Access-Accept with the assembled VSAs to the AAA client.
6-8 Chapter 6 Prepaid Billing Solution, Generic Call Flow: Access-Request (Quota Depleted). Flow 7c shows the client sending an Access-Request to the Cisco AR 3.5 server because at least one quota has been depleted.
6-9 Chapter 6 Prepaid Billing Solution, Generic Call Flow: Accounting Stop (Session End). In Flow 9c, the client sends an Accounting-Stop to the Cisco AR 3.5 server to end the session.
6-10 Chapter 6 Prepaid Billing Solution, Generic Call Flow: Vendor-Specific Attributes. Vendor-specific attributes are included in specific RADIUS packets to communicate prepaid user balance information from the Cisco AR 3.
6-11 Chapter 6 Prepaid Billing Solution, Generic Call Flow: CRB_USER_TYPE crb-entity-type Int8 4s Type of user: 1. Prepaid user 2. Post-paid with no credit limit 3. Post-paid with credit limit 4.
6-12 Chapter 6 Prepaid Billing Solution, Generic Call Flow: CRB_TERMINATE_CAUSE crb-terminate-cause Int8 4se Identifies why a subscriber failed authentication: 1. Exceeded the balance 2.
GL-1 GLOSSARY A. Access point: A device that bridges the wireless link on one side to the wired network on the other. Analog Channel: A circuit-switched communication path intended to carry 3.
GL-2 Glossary. CSU/DSU: Channel Service Unit/Data Service Unit isolates your network from your exchange carrier’s network. It also receives the timing, low-level framing information, and data passed from the termination point.
GL-3 Glossary F. FT: Field Technician is someone who installs your cable modem in your house. Frame Relay: Frame Relay is a cost-effective, lightweight, many-to-many, medium-speed, virtual network, link-layer technology.
GL-4 Glossary M. MIB: Management Information Base—Database of network management information used and maintained by a network management protocol such as SNMP. The value of a MIB object can be changed or retrieved using SNMP commands.
GL-5 Glossary P. packet: A block of data in a standard format for transmission. PAP: Password Authentication Protocol is a simple PPP authentication mechanism in which a cleartext username and password are transmitted to prove identity.
GL-6 Glossary. RADIUS Dictionary: The RADIUS dictionary passes information between a script and the RADIUS server, or between scripts running on a single packet.
GL-7 Glossary. Service: A means of specifying the method to use to perform a function. A service can be specified for the following functions: authentication, authorization, accounting, and authentication-authorization.
GL-8 Glossary T. TACACS: Terminal Access Controller Access Control System, an authentication server that validates user IDs and passwords, thus controlling entry into systems.
GL-9 Glossary. VPN: Virtual Private Network is a way for companies to use the Internet to securely transport private data. VRF: Virtual routing and forwarding. A per-VPN routing table on the PE router.
IN-1 INDEX A. AAA Servers multiple 2-9 Access Registrar definition 1-1 objects 2-1 Access-Accept 2-7 Access-Challenge 1-2 Accounting .
IN-2 Index. RadiusServer object 2-1 RepIPMaster 4-7 Replication ix, 4-1 archive 4-3 automatic resynchronization 4-4 configuration se.
IN-3 Index. definition 1-2 SLIP 1-4 SNMP ix, 5-1 configuration files 5-5, 5-6 traps 5-2 SNMP Configuration community string 5-7 snmp.