How to configure AAA

Hi,
I have some questions regarding AAA.
1) Which one is the best?
a) TACACS+
b) RADIUS
2) How to configure AAA in network devices?
3) How to configure RADIUS/TACACS+ in ACS?
Please guide me in this matter.
Thanks
som

Hi Som,
It's not possible to answer your questions in one post.
You will find the answers to your questions under the following urls:
AAA:
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_aaa_overview_ps6350_TSD_Products_Configuration_Guide_Chapter.html
RADIUS:
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_radius_ps6350_TSD_Products_Configuration_Guide_Chapter.html
TACACS+:
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_tacacs+_ps6350_TSD_Products_Configuration_Guide_Chapter.html
ACS 4.2:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/configuration/guide/acs42_config_guide.html
Cheers:
Istvan

Similar Messages

  • Configuring AAA Authorization on ACS 4.1

    Hi,
    Can anybody provide me links to any good documentation on how to configure AAA Authorization using Command Shell on the ACS 4.1? I would be really grateful if someone can point me to a few links.
    Thanks,
    Meet

    Hi
    I would try looking at this link:
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a0080088893.shtml
    This describes how to plan, design and build shell cmd auth config in ACS.
    Darran

  • Configuring aaa local command authorization

    I am struggling a bit with how to configure aaa local command authorization, and I am not finding any material for configuring it. Please tell me how to configure aaa local command authorization, or if possible give me some useful links for that.

    Hi,
    For the aaa authorization command set, kindly refer to the link.
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_command_reference_chapter09186a00800ca5d4.html
    I hope this helps. Please rate this post.
    cheers
    Sachin

  • How can I configure AAA authentication on ASR9K?

    Hi everyone,
    I'm looking for how I can configure AAA authentication on ASR9K.
    I have a TACACS+ server
    Thanks and regards,
    Jaime.

    Hi Jaime,
    Here is the basic configuration:
    tacacs-server host port 49
     key 7 !
    aaa group server tacacs+ acs-group
     server
    aaa authentication login acs-auth group acs-group local
    line console
     login authentication acs-auth
    line default
     login authentication acs-auth
    An example:
    RP/0/RSP1/CPU0:router#sh run tacacs-server
    tacacs-server host 1.1.1.1 port 49
     key 7 0822455D0A16544541
    RP/0/RSP1/CPU0:router#sh run aaa group server tacacs+
    aaa group server tacacs+ acs-group
     server 1.1.1.1
    RP/0/RSP1/CPU0:router#sh run aa authentication
    aaa authentication login acs-auth group acs-group local
    RP/0/RSP1/CPU0:router#sh run line default
    line default
     login authentication acs-auth
     exec-timeout 0 0
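
An added example, not part of the thread above and not Cisco's own tooling: a Python audit of the running-config fragments shown in the reply. It checks that each line template's login list and each method list's server group are actually defined, and flags a missing local fallback, a type 7 (reversibly encoded) TACACS+ key and a disabled exec timeout. The finding codes, the function names and the one-space indentation of sub-mode lines are assumptions made for this example.

```python
# Constructed sample: the "sh run" fragments from the reply, joined into one
# text, with sub-mode lines indented by one space (assumed layout).
SAMPLE = """\
tacacs-server host 1.1.1.1 port 49
 key 7 0822455D0A16544541
!
aaa group server tacacs+ acs-group
 server 1.1.1.1
!
aaa authentication login acs-auth group acs-group local
line default
 login authentication acs-auth
 exec-timeout 0 0
"""

def parse_blocks(text):
    """Map each top-level config line to the sub-mode lines beneath it."""
    blocks, current = {}, None
    for raw in text.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if raw[0].isspace() and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            blocks[current] = []
    return blocks

def audit(text):
    """Return a sorted list of (code, subject) findings for the config text."""
    blocks, out = parse_blocks(text), set()
    groups = {"tacacs+", "radius"} | {h.split()[-1] for h in blocks
                                      if h.startswith("aaa group server ")}
    lists = {h.split()[3]: h.split()[4:] for h in blocks
             if h.startswith("aaa authentication login ")}
    for name, methods in lists.items():
        if "local" not in methods:  # no way in if every server is unreachable
            out.add(("NO_LOCAL_FALLBACK", name))
        for m, grp in zip(methods, methods[1:]):
            if m == "group" and grp not in groups:
                out.add(("UNDEFINED_GROUP", grp))
    for head, sub in blocks.items():
        for s in sub:
            if head.startswith("line ") and s.startswith("login authentication ") \
                    and s.split()[2] not in lists:
                out.add(("UNDEFINED_LIST", head))
            if head.startswith("line ") and s == "exec-timeout 0 0":
                out.add(("NO_IDLE_TIMEOUT", head))  # idle sessions never expire
            if head.startswith("tacacs-server host ") and s.startswith("key 7 "):
                out.add(("TYPE7_KEY", head.split()[2]))  # encoding, not encryption
    return sorted(out)
```

Run against the sample, `audit(SAMPLE)` reports the type 7 key on 1.1.1.1 and the `exec-timeout 0 0` on `line default`; the references between the line template, method list and server group all resolve.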

  • How to configure router to use ip pool on the aaa server for vpn clients

    How do I configure a router to use an IP pool on the AAA server for VPN clients? I want to use VPN clients to connect to the router, authenticate using the AAA server username database and also use the IP pool created on the AAA server. I am not able to find the command on the router pointing to use the pool created on the AAA server. Can someone help me with this command?
    sebastan

    Hello Sebastan,
    what do you use as AAA server (e.g. ACS with TACACS+ or RADIUS) ?
    Regards,
    GNT

  • How to configure a COM domain, IPv4 and IPv6

    Hi,
    I am a new user on the Mac Server, but I have experience in Linux, my problem would be to understand how I configure the Mac Mini Server during installation or after installation, to assign a COM domain.
    I would like to configure only the service Apache, FTP, MySQL.
    My internet provider, today provided me 4 static IPs IPv4 and 4 IPv6, to use, now I want also to configure two local DNS if possible:
    IPv4:
    www.mydomain.com
    ftp.mydomain.com
    mysql.mydomain.com
    IPv6:
    www6.mydomain.com
    For if I can configure DNS in Dual Stack or if I have to record them in a different way.
    A control panel is currently not able to find it, you can advise me if something is well accepted, the important it is for business use as I would like to configure the server is for private use.
    I hope I was clear, I'm sorry but I do not speak perfect English.
    Thanks in advance to all.

    To be clear, in your example you only have one domain - mydomain.com - all the other entries are just host records within that domain.
    For your IPv4 hosts just add standard A records:
    ftp  A  1.2.3.4
    www   A   1.2.3.5
    mysql  A  1.2.3.6
    For your IPv6 hosts just add AAAA records:
    www6    AAAA 1234::ab:cd:ef
    I seriously doubt you want to put your MySQL server on a public IP address, though, so I'd look carefully at your network setup before going much further.

  • How to configure Apache/Portal to service 2 separate groups of  users

    Before someone say this is a Portal issue - please read on.
    I would like to know how to configure Portal to service 2 separate groups of * Internet * users (A and B) all within the same installation so that when a user enters www.aaa.com or www.bbb.com that user is directed to a public page for that group only.
    Currently, when a user of either group enters www.aaa.com or www.bbb.com they arrive at the same public page where they can click on a link and goto their respective private pages (SSO Protected) after logging in.
    My installation facts
    infra - host1.mycompany.com
    portal - host2.mycompany.com (www.aaa.com and www.bbb.com are pointing to this host)
    j2ee - host3.mycompany.com
    I have configured web-cache to listen on port 80 and direct all requests to host2.mycompany.com:7778.
    I used RedirectMatch within host2 httpd.conf to redirect any request to the portal public page.
    I am wondering if it is possible to read the "IP NAME" and do a RedirectMatch on it. In other words, when a request comes into the Apache listener, is it seeing an IP address request or an IP name, i.e. "www.aaa.com"? Because if it is, then there may be some way to redirect based upon that. My assumption is the "http://www.aaa.com" cannot be read by RedirectMatch, only the portion after it in "http://www.aaa.com/mypage", i.e. "mypage".
    Any help is appreciated!
    Bill G...

    I don't think the issue is one of Apache (not even sure it's one of named virtual hosts since you want both sites to serve the same content). The issue is one of having multiple .local names point to the same machine.
    I don't know if this can be done without your own DNS server running in the network.

  • Configure AAA on 5508 WLC's

    Dear All,
    I am new to wireless and very keen on learning this technology. I have got a few questions from a situation which I have come across. How do we proceed with the same? Thanks in advance.
    1> Customer wanted to configure two 5508 HA WLCs; he wanted to configure AAA
    2> Configuration of AP as Network access device
    3> Implementation of Cisco ISE (for wired and wireless users)
    Remote installation of Cisco Identity Service Engine
    Setting up Virtual ISE Appliance on VMware platform
    Licence update
    Installation of ISE policy server
    Configure Policy module
    Configure Administration module
    Configure Monitoring module
    Authentication (Integration with Active Directories)
    Integrate with Active Directory
    Import Active Directory groups
    Authorization - Creation of policies pertaining to users and groups
    Define and configure authorization policy
    Define and configure authorization conditions
    Define and configure authorization results

    Hello Saurav,
    Thank you so much for getting back; in error I rated this post only 1.
    I have a few more questions. Thanks for your help.
    ISE Integration with Wireless LAN Controllers
    Integration of ISE with WLC – Pre-shared Key exchange
    Integration of ISE with Access Point  - Network Access Device
    Installation/Configuration of ISE supplicant on end-points
    Guest on-boarding portal – Design  
    Define Guest portal – Cisco template/Customised
    Define policy and access for Guest Vlan
    Integration of ISE and wireless networking into Cisco Prime

  • Configuring AAA in ACE using ANM

    Hi guys
    Is there a way to do this? I can't find anywhere how to configure the AAA parameters for the ACE CLI access using the ANM. I know where to configure AAA for the ANM access, but not for the ACE devices.
    thx in advance!
    Omar M

    Hi Omar,
    Is there a way to change the interface that the ACE uses for TACACSs requests?
    The interface to be used for the AAA request is chosen based on the routing table, so, unless the server is in a vlan directly connected to the ACE, you can define which interface to be used by configuring a static route towards the server.
    Also, there's gonna be a request for each context right?
    The AAA configuration is done on a per-context basis, so, each context will handle connections arriving to it following its own configuration settings.

  • How to configure oracle listener profile for multiple oracle database

    Hi,
    I am going to install solution manager system in the same server of ERP EHP4 on Windows. Both DB are oracle.
    I'd like to know how to configure the listener in this kind of environment.
    a. use two listeners and different ports
    b. use same listener but different ports
    c. use same listener and same port
    Which is the correct method?
    And, after installation, there seem to be three sets of listener profiles, one for ERP, one for SLM, and the other for OS (%windir%system32). Which one is functional?
    Please advise.
    Thanks a lot.
    Regards,
    Alex

    Hi,
    standard installation is creating new configs for listener for each instance.
    I would recommend to use one listener per each instance.
    YOU CAN NOT HAVE one port number for two different systems!
    If you want to use one listener then you must adapt tnsnames.ora, listener.ora and ensure that both systems will use different port numbers.
    For example PORT= 15<system number>
    Peter

  • How to configure one TREX host with multiple index servers ?

    Hi All,
    Does anyone know how to configure TREX on the one host,
    with multiple index servers ?
    Reason for this is to make better use of resources available on the host server(4 Gig, 4 Processor, Windows2003), to improve the search performance of
    our KM content for portal users.
    I am using TREX 7 and have not been able to do this,
    despite reading the Single and Distributed install
    documentation.
    Any help would be appreciated.
    Regards,
    Andres

    Hi Andres,
    To make use of the RAM a Server provides you have to run two indexserver processes (each can then consume 2 GB);
    Proceed like this:
    1. Go to TREXdeamon.ini; check if section [indexserver2] is there (it is already provided, but not active in standard installation)
    2. In TREXdeamon.ini go to
    [daemon]
    references sections below
    programs=nameserver,preprocessor1,indexserver1,queueserver,alertserver
    and add indexserver2 here. Restart TREX; the second process is then started; this can be checked in TREX monitor in Portal as well
    3. To distribute existing indexes to the new process, start TREXadmintool and go to Index: Landscape
    Go to the last two columns and move the indexes (move master here/secondary mouse click)
    If you don't distribute the indexes the new index server process will be regarded when a new index is created.
    Hope this helps!
    cheers
    Bettina

  • How to configure request manager service for multiple website in one web application

    I have set up sp 2013 as below:
     web application : wa1
    site collection : sc1
    sp site: site1, site2
    I used 2 WFE, 1 APP, how can I use request manager service to control  site1 to wfe1, site2 to wfe2?
    Awen

    That's not what i'd describe as load balancing.
    A better description would be load-isolation. In your description then if the load on site1 was large (and growing) but site2 was quiet then site1 would struggle and eventually become unable to handle the number of users but site2 would still be ok. That's fine from a QOS point of view but it's not the norm for load balancing. It would work in simple scenarios but the out of the box load balancing tools are much better suited than that sort of approach.
    This article shows how to configure the RMS and may help show how your request is difficult to configure:
    http://www.harbar.net/articles/sp2013rm2.aspx

  • How to configure 3 different members under a single Month column

    Hi SAP Gurus,
      My client requirement is to show the report in following format, where under a Month column 3 different columns having
    1) Quantity (Number of unit ) of a product,
    2) its rate (Amount per unit), and
    3) Total (amount)    will appear in a single report.
       I have Month as a Time Dim, while Qty, Rate and Total are members of account dim.
    Que: How to configure such scenario in a single report?
    Jan.2011
    Product Category:   Qty (Input)   Rate (Input)   Total (Output)
    Product 1
    Product 2
    Product 3
    Product 4
    Group1
    Where: Total = Qty X Rate
    Thanks and Regards,
    SouarbhD

    Hi,
    Use an EVDRE to create your input schedule. You need to have one row with products and 2 columns with time and account. Choose the memberset options as per the requirement. For the accounts, is total calculated with a dimension formula? If yes, then you just need to enter the values for quantity and rate and send the data. The total will be calculated by the system and will be displayed automatically.
    Hope this helps.

  • How to configure an Alert message if communicationChannel(JMS) stops

    All,
    Is there a way how to configure an alert when the communication channel stops.
    Scenario:
    In the path Runtime workbench->Component Monitoring->Adapter Engine->Communication Channel monitoring, if we see that a communication channel has stopped (RED traffic light as Status), then can we trigger an alert notification for the same?
    Currently we have alerts configured for any message failures in the JMS Adapter Framework. So can we trigger similar alerts when a comm channel stops (for whatever reason)?
    Thanks in advance
    RK

    Hi Sreeram,
    Thanks for the quick reply.
    We have a scenario where we activate individual channels at a given time. So in this case, Adapter will always be in RED as all queues are never running in our scenario.
    So we need an ALERT to be triggered for individual comm channels. Is there any way that you can think of?
    Thanks and regards
    RK

  • How to configure multiple IP addresses on one NIC?

    Hi,
    I just installed an OVM Server in version 3.2.1 and the according VMManager. Now I wanted to try to configure the Server/Server Pool. Now I have come across a problem, which was already a big problem in OVM 2 while configuring the networks.
    All our OVM Servers have three NICs in them. One is for VMs and Management, the others are for connection to our SAN (Dell PowerVault MD 3220i). My problem is, that due to the network setup, the two NICs for storage need two IP addresses in two different networks each. This shouldn't be a problem, because usually in linux all you have to do is configure something like eth1:1. I remember having huge trouble configuring it in our OVM 2 cluster up to the point where I had to write a shell script to configure the second IP.
    Anyways, I have configured two of the storage networks on eth1 and eth2 of the VM Server. Now i cannot configure any more IP addresses, because eth1 and eth2 are not available anymore for configuration in a third network. I really hoped that it would be possible in OVM 3 to configure multiple IP addresses. And probably it is only my lack of knowledge of how to configure it.
    So any advice is well appreciated.
    Thanks!
    Regards,
    Marek Hubatka

    You should be able to do this by using "VLAN Groups".
    http://docs.oracle.com/cd/E35328_01/E35332/E35332.pdf
    Check out the VLAN groups section. You must create the VLAN groups before you can assign them to interfaces.
