Specifications
3-406
Cisco Wide Area Application Services Command Reference
OL-16451-01
Chapter 3 CLI Commands
(config) authentication content-request
Server Redundancy
Authentication servers can be specified with the tacacs host or radius-server host global configuration
commands. In the case of TACACS+ servers, the tacacs host hostname command can be used to
configure additional servers. These additional servers provide authentication redundancy and improved
throughput, especially when WAAS device load-balancing schemes distribute the requests evenly
between the servers. If the WAAS device cannot connect to any of the authentication servers, no
authentication takes place and users who have not been previously authenticated are denied access.
Specifying the Windows Domain Login Authentication
You can enable the Windows domain as an administrative login authentication and authorization method
for a device or device group. Before you enable Windows authentication, you must first configure the
Windows domain controller by using the windows-domain wins-server global configuration command.
(See the (config) windows-domain command.)
Note WAAS supports authentication by a Windows domain controller running only on Windows Server 2000
or Windows Server 2003.
Examples The following example shows how to query the secondary authentication database if the primary
authentication server is unreachable. This feature is referred to as the failover server-unreachable
feature.
WAE(config)# authentication fail-over server-unreachable
If you enable the failover server-unreachable feature on the WAAS device, only two login authentication
schemes (a primary and secondary scheme) can be configured on the WAAS device. The WAAS device
fails over from the primary authentication scheme to the secondary authentication scheme only if the
specified authentication server is unreachable.
To enable authentication privileges using the local, TACACS+, RADIUS, or Windows databases, and to
specify the order of the administrative login authentication, use the authentication login global
configuration command. In the following example, RADIUS is specified as the primary method,
TACACS+ as the secondary method, Windows as the third method, and the local database as the fourth
method. In this example, four login authentication methods are specified because the failover
server-unreachable feature is not enabled on the WAAS device.
WAE(config)# authentication login radius enable primary
WAE(config)# authentication login tacacs enable secondary
WAE(config)# authentication login windows-domain enable tertiary
WAE(config)# authentication login local enable quaternary
Note If you enable the failover server unreachable feature on the WAAS device, make sure that you
specify either TACACS+ or RADIUS as the primary scheme for authentication, and specify
local as the secondary scheme for authentication.
To enable authorization privileges using the local, TACACS+, RADIUS, or Windows databases, and to
specify the order of the administrative login authorization (configuration), use the authentication
configuration global configuration command.