Specifications

ManualsBrandsCisco ManualsComputer equipmentWAE-7326-K9

521

522

523

524

525

526

527

528

529

530

3-468

Cisco Wide Area Application Services Command Reference

OL-21611-01

Chapter 3 CLI Commands

(config) authentication login

Specifying RADIUS Authentication and Authorization Settings

To configure RADIUS authentication on a WAAS device, you must first configure a set of RADIUS

authentication server settings on the WAAS device by using the radius-server global configuration

command. (See the (config) radius-server command.)

Use the authentication login radius global configuration command to enable RADIUS authentication

for normal login mode.

Use the authentication configuration radius global configuration command to enable RADIUS

authorization.

To disable RADIUS authentication and authorization on a WAAS device, use the no form of the

authentication global configuration command (for example, use the no authentication login radius

enable command to disable RADIUS authentication).

Specifying TACACS+ Authentication and Authorization Settings

To configure TACACS+ authentication on WAAS devices, you must configure a set of TACACS+

authentication settings on the WAAS device by using the tacacs global configuration command. (See the

(config) tacacs command.)

Server Redundancy

Authentication servers can be specified with the tacacs host or radius-server host global configuration

commands. In the case of TACACS+ servers, the tacacs host hostname command can be used to

configure additional servers. These additional servers provide authentication redundancy and improved

throughput, especially when WAAS device load-balancing schemes distribute the requests evenly

between the servers. If the WAAS device cannot connect to any of the authentication servers, no

authentication takes place and users who have not been previously authenticated are denied access.

Secondary authentication servers are queried in order only if the primary server is unreachable. If

authentication fails for any other reason, alternate servers are not queried.

Specifying the Windows Domain Login Authentication

You can enable the Windows domain as an administrative login authentication and authorization method

for a device or device group. Before you enable Windows authentication, you must first configure the

Windows domain controller by using the windows-domain wins-server global configuration command.

(See the (config) windows-domain command.)

Note WAAS supports authentication by a Windows domain controller running only on Windows Server 2000

or Windows Server 2003.

Examples The following example shows how to query the secondary authentication database if the primary

authentication server is unreachable. This feature is referred to as the failover server-unreachable

feature.

WAE(config)# authentication fail-over server-unreachable

If you enable the failover server-unreachable feature on the WAAS device, only two login authentication

schemes (a primary and secondary scheme) can be configured on the WAAS device. The WAAS device

fails over from the primary authentication scheme to the secondary authentication scheme only if the

specified authentication server is unreachable.