Cisco Wide Area Application Services Command Reference
OL-11817-01
Chapter 3 CLI Commands
(config) authentication
Server Redundancy
Authentication servers can be specified with the tacacs host or radius-server host global configuration
commands. In the case of TACACS+ servers, the tacacs host hostname command can be used to
configure additional servers. These additional servers provide authentication redundancy and improved
throughput, especially when WAAS device load-balancing schemes distribute the requests evenly
between the servers. If the WAAS device cannot connect to any of the authentication servers, no
authentication takes place and users who have not been previously authenticated are denied access.
Specifying Windows Domain Login Authentication
You can enable Windows domain as an administrative login authentication and authorization method for
a device or device group. Before you enable Windows authentication, you must first configure the
Windows domain controller by using the windows-domain wins-server global configuration
command. (See the “(config) windows-domain” command.)
We recommend that you use the WAAS Central Manager GUI instead of the WAAS CLI to configure
Windows domain controller settings. See Chapter 6 of the Cisco Wide Area Application Services
Configuration Guide.
Examples
To query the secondary authentication database if the primary authentication server is unreachable, enter
the following command. This feature is referred to as the fail-over server-unreachable feature.
WAE(config)# authentication fail-over server-unreachable
If you enable the fail-over server-unreachable feature on the WAAS device, only two login
authentication schemes (a primary and a secondary scheme) can be configured on the WAAS device. The
WAAS device fails over from the primary authentication scheme to the secondary authentication scheme
only if the specified authentication server is unreachable.
To enable authentication privileges using the local, TACACS+, RADIUS, or Windows databases, and to
specify the order of the administrative login authentication, use the authentication login global
configuration command. In the following example, RADIUS is specified as the primary method,
TACACS+ as the secondary method, Windows as the third method, and the local database as the fourth
method. In this example, four login authentication methods are specified because the fail-over
server-unreachable feature is not enabled on the WAAS device.
WAE(config)# authentication login radius enable primary
WAE(config)# authentication login tacacs enable secondary
WAE(config)# authentication login windows-domain enable tertiary
WAE(config)# authentication login local enable quaternary
Note: If you have enabled the fail-over server-unreachable feature on the WAAS device, make sure that
you specify either TACACS+ or RADIUS as the primary scheme for authentication, and specify
local as the secondary scheme for authentication.
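The following check is an added example, not part of the Cisco documentation: it reads authentication lines in the form shown above and reports violations of the fail-over rules stated in this section (at most two schemes, TACACS+ or RADIUS as primary, local as secondary). The function name audit_login_auth and the sample configurations are constructed for illustration, and the check assumes every login line carries its priority keyword.

```python
import re

# Matches the login lines in the form shown on this page (priority keyword present).
LOGIN_RE = re.compile(r"authentication login (local|radius|tacacs|windows-domain) "
                      r"enable (primary|secondary|tertiary|quaternary)$")
FAILOVER = "authentication fail-over server-unreachable"
PROMPT_RE = re.compile(r"^\S+\(config\)#\s*")  # tolerate pasted "WAE(config)# " prompts


def audit_login_auth(config_text):
    """Return findings for the fail-over rules stated in this section."""
    by_rank, failover, findings = {}, False, []
    for raw in config_text.splitlines():
        line = " ".join(PROMPT_RE.sub("", raw.strip()).split())
        if line == FAILOVER:
            failover = True
            continue
        m = LOGIN_RE.match(line)
        if not m:
            continue
        method, rank = m.groups()
        if rank in by_rank:
            findings.append(f"{rank} assigned to both {by_rank[rank]} and {method}")
        by_rank[rank] = method
    if failover:
        if len(by_rank) > 2:
            findings.append("fail-over enabled but more than two login schemes configured")
        if by_rank.get("primary") not in ("tacacs", "radius"):
            findings.append("fail-over enabled but primary is not TACACS+ or RADIUS")
        if by_rank.get("secondary") != "local":
            findings.append("fail-over enabled but secondary is not local")
    return findings


# Constructed sample inputs: the four-method example from this page and the
# two-scheme layout the Note recommends when fail-over is enabled.
FOUR_METHODS = """\
WAE(config)# authentication login radius enable primary
WAE(config)# authentication login tacacs enable secondary
WAE(config)# authentication login windows-domain enable tertiary
WAE(config)# authentication login local enable quaternary
"""
RECOMMENDED = """\
authentication fail-over server-unreachable
authentication login tacacs enable primary
authentication login local enable secondary
"""

if __name__ == "__main__":
    for name, cfg in [("four methods + fail-over", FAILOVER + "\n" + FOUR_METHODS),
                      ("recommended", RECOMMENDED)]:
        print(name, audit_login_auth(cfg))
```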
To enable authorization privileges using the local, TACACS+, RADIUS, or Windows databases, and to
specify the order of the administrative login authorization (configuration), use the authentication
configuration global configuration command.