Cisco Systems, Inc.
www.cisco.com

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.

Cisco Prime Access Registrar 9.0 Administrator Guide
Published: June 28, 2019
Last Modified: July 22, 2019

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

Cisco Prime Access Registrar 9.0 Administrator Guide
© 2019 Cisco Systems, Inc. All rights reserved.

Contents

Chapter 1: Overview
Session Management
Failover by the NAS and Session Management
Cross Server Session and Resource Management
Script Processing Hierarchy
RADIUS Protocol
Steps to Connection
Enhanced IP Allocation in Prime Access Registrar
5G Data Network-AAA (DN-AAA) Compliance
Obtain Documentation and Submit a Service Request

Chapter 2: Configuring Cisco Prime Access Registrar
Using aregcmd
General Command Syntax
aregcmd Commands
Configuring a Basic Site
Running aregcmd
Changing the Administrator’s Password
Creating Additional Administrators
Configuring Prime Access Registrar Server Settings
Checking the System-Level Defaults
Checking the Server’s Health
Selecting Ports to Use
Displaying the UserLists
Displaying the Default UserList
Adding Users to UserLists
Deleting Users
Displaying UserGroups
Configuring Clients
Adding a NAS
Configuring Profiles
Setting RADIUS / Diameter Attributes
Adding Multiple Cisco AV Pairs
Validating and Using Your Changes
Saving and Reloading
Testing Your Configuration
Using radclient
Troubleshooting Your Configuration
Setting the Trace Level
Configuring Accounting
Configuring SNMP
Enabling SNMP in the Cisco Prime Access Registrar Server
Stopping the Master Agent
Modifying the snmpd.conf File
Access Control
Trap Recipient
System Contact Information
Restarting the Master Agent
Configuring Dynamic DNS
Testing Dynamic DNS with radclient

Chapter 3: Customizing Your Configuration
Configuring Groups
Configuring Specific Groups
Creating and Setting Group Membership
Configuring a Default Group
Using a Script to Determine Service
Configuring Multiple UserLists
Configuring Separate UserLists
Creating Separate UserLists
Configuring Users
Populating UserLists
Configuring Services
Creating Separate Services
Creating the Script
Client Scripting
Configuring the Script
Client Scripting
Choosing the Scripting Point
Handling Multiple Scripts
Configuring a Remote Server for AA
Configuring the Remote Server
Creating a RemoteServer
Configuring Services
Creating Services
Configuring the RADIUS Server
Changing the Authentication and Authorization Defaults
Configuring Multiple Remote Servers
Configuring Two Remote Servers
Creating RemoteServers
Configuring Services
Creating the Services
Configuring the Script
Choosing the Scripting Point
Configuring Session Management
Configuring a Resource Manager
Creating a Resource Manager
Configuring a Session Manager
Creating a Session Manager
Enabling Session Management
Configuring Session Management

Chapter 4: Setting the CPAR Configurable Option
General Command Syntax
View-Only Administrator Mode
ViewOnly Property
Configuration Objects
aregcmd Command Performance
RPC Bind Services
aregcmd Commands
add
cd
delete
exit
filter
find
help
insert
login
logout
ls
next
prev
pwd
query-sessions
quit
release-sessions
reload
reset-stats
save
set
start
stats
status
stop
tacacs-stats
tacacs-reset-stats
dia-stats
dia-stats-reset
trace
trace-file-count
unset
validate
OpenSSL Commands
ecparam
req
ca
aregcmd Command Logging
aregcmd Command Line Editing
aregcmd Error Codes

Chapter 5: Configuring and Monitoring the RADIUS Server
Radius
UserLists
Users
HiddenAttributes Property
UserGroups
Policies
Clients
Vendors
Scripts
Services
Types of Services
EAP Services
Extended-EAP
File
Group
Java
LDAP
Local
ODBC
ODBC-Accounting
Prepaid Services
RADIUS
Radius Query
Diameter-RADIUS
RADIUS-Diameter
RADIUS-Session
Rex
WiMAX
Diameter
M3UA
Session Managers
Session Creation
Session Notes
Soft Group Session Limit
Session Correlation Based on User-Defined Attributes
Resource Managers
Types of Resource Managers
Group-Session-Limit
Home-Agent
Home-Agent-IPv6
IP-Dynamic
IP-Per-NAS-Port
IPX-Dynamic
Session-Cache
Subnet-Dynamic
User-Session-Limit
USR-VPN
Dynamic-DNS
Remote-IP-Dynamic
Remote-User-Session-Limit
Remote-Group-Session-Limit
Remote-Session-Cache
3GPP
Profiles
Attributes
Translations
TranslationGroups
Remote Servers
Types of Protocols
Dynamic DNS
LDAP
Map-Gateway
Sigtran
ODBC
ODBC-Accounting
OCI
OCI-Accounting
Prepaid-CRB
Prepaid-IS835C
RADIUS
Diameter
REST
SIGTRAN-M3UA
Rules
Fast Rules
Advanced
RemoteODBCSessionServer
Using the RequireNASsBehindProxyBeInClientList Property
Advance Duplicate Detection Feature
Invalid EAP Packet Processing
Ports
Interfaces
Reply Messages
Attribute Dictionary
Types
Vendor Attributes
SNMP
Diameter
Configuring Diameter Transport Management Properties
Configuring Diameter Session Management
Configuring Diameter Application
Configuring Diameter Commands
Configuring Diameter Dictionary

Chapter 6: Configuring Local Authentication and Authorization
Configuring a Local Service and UserList
Configuring a Local Service
Configuring a Userlist
Configuring Cisco Prime Access Registrar to Use the Local Service For AA
Activating the Configuration
Troubleshooting the Local Service and UserList Configuration
Verifying the Configuration
Configuring Return Attributes and Check-Items
Configuring Per User Return Attributes
Configuring Per User Check-Items
Verifying the Per User Return Attributes and Check-Items Configuration
Configuring Profiles to Group Attributes
Configuring Return Attributes and Check-Items Using UserGroup
Return Attribute Precedence
aregcmd Command Performance
UserDefined1 Property
Access-Request Logging

Chapter 7: Using Extension Points
Determining the Goal of the Script
Writing the Script
Choosing the Type of Script
Request Dictionary Script
Response Dictionary Script
Environment Dictionary Script
Adding the Script Definition
Adding the Example Script Definition
Choosing the Scripting Point
Testing the Script
About the Tcl/Tk 8.3 Engine
Cisco Prime Access Registrar Scripts
ACME
AltigaIncomingScript
AltigaOutgoingScript
ANAAAOutgoing
AscendIncomingScript
AscendOutgoingScript
AuthorizePPP

  • Details
  • Published on Feb 12, 2022
  • Category Administration
  • Language French
  • File size 2.7687MB