Troubleshooting guide

ManualsBrandsCisco ManualsComputer equipmentWide Area Virtualization Engine 274

211

212

213

214

215

216

217

218

219

220

1-5

Cisco Wide Area Application Services Configuration Guide

OL-26579-01

Chapter 1 Configuring Administrative Login Authentication, Authorization, and Accounting

Configuring Administrative Login Authentication and Authorization

Note If you configure a RADIUS or TACACS+ key on the WAAS device (the RADIUS and the TACACS+

client), make sure that you configure an identical key on the external RADIUS or TACACS+ server.

You change these defaults through the WAAS Central Manager GUI, as described in the “Configuring

Administrative Login Authentication and Authorization” section on page 1-5.

Multiple Windows domain utilities are included in the WAAS software to assist with Windows domain

authentication configuration. You can access these utilities through the WAAS CLI by using the

windows-domain diagnostics EXEC command.

Configuring Administrative Login Authentication and

Authorization

To centrally configure administrative login authentication and authorization for a WAAS device or a

device group (a group of WAEs), follow these steps:

Step 1 Determine the login authentication scheme that you want to configure the WAAS device to use when

authenticating administrative login requests (for example, use the local database as the primary login

database and your RADIUS server as the secondary authentication database).

Step 2 Configure the login access control settings for the WAAS device, as described in the “Configuring Login

Access Control Settings for WAAS Devices” section on page 1-7.

Step 3 Configure the administrative login authentication server settings on the WAAS device (if a remote

authentication database is to be used). For example, specify the IP address of the remote RADIUS

servers, TACACS+ servers, or Windows domain server that the WAAS device should use to authenticate

administrative login requests, as described in the following sections:

• Configuring RADIUS Server Authentication Settings, page 1-12

• About TACACS+ Server Authentication Settings, page 1-14

Window domain administrative group There are no

predefined

administrative

groups.

Windows domain NETBIOS name None specified

Kerberos authentication Disabled

Kerberos server hostname or IP address (host that is running the Key Distribution

Center (KDC) for the given Kerberos realm

None specified

Kerberos server port number (port number on the KDC server) Port 88

Kerberos local realm (default realm for WAAS) kerberos-realm:

null string

Kerberos realm (maps a hostname or DNS domain name to a Kerberos realm) Null string

Table 1-1 Default Configuration for Administrative Login Authentication and

Authorization (continued)

Feature Default Value