Cisco Wide Area Virtualization Engine 274 Troubleshooting Guide Page 223
- Page / 594
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
1-15
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Configuring Administrative Login Authentication, Authorization, and Accounting
Configuring Administrative Login Authentication and Authorization
TACACS+ authentication is disabled by default. You can enable TACACS+ authentication and local
authentication at the same time.
You can configure one primary and two backup TACACS+ servers; authentication is attempted on the
primary server first. If the primary server is unreachable, then authentication is attempted on the other
servers in the farm, in order. If authentication fails for any reason other than a server is unreachable,
authentication is not attempted on the other servers in the farm.
The TACACS+ database validates users before they gain access to a WAAS device. TACACS+ is derived
from the United States Department of Defense (RFC 1492) and is used by Cisco Systems as an additional
control of nonprivileged and privileged mode access. The WAAS software supports TACACS+ only and
not TACACS or Extended TACACS.
If you are using TACACS+ for user authentication, you can create WAAS user group names that match
the user groups that you have defined on the TACACS+ server. WAAS can then dynamically assign roles
and domains to users based on their membership in the groups defined on the TACACS+ server. (See the
“Working with Accounts” section on page 1-3.) You must specify associated group names for each user
in the TACACS+ configuration file, as follows:
user = tacusr1 {
default service = permit
service = exec
{
waas_rbac_groups = admin,groupname1,groupname2
priv-lvl = 15
}
global = cleartext "tac"
}
For each user, list the groups they belong to in the waas_rbac_groups attribute, separating each group
from the next with a comma.
The dynamic assignment of roles and domains based on external user groups requires a TACACS+ server
that supports shell custom attributes. For example, these are supported in Cisco ACS 4.x and 5.1 and
later.
Tip The WAAS Central Manager does not cache user authentication information, so the user is
reauthenticated against the TACACS+ server for every request. To prevent performance degradation
caused by many authentication requests, install the WAAS Central Manager device in the same location
as the TACACS+ server, or as close as possible to it, to ensure that authentication requests can occur as
quickly as possible.
Configuring TACACS+ Server Settings
The WAAS software CLI EXEC mode allows you to set, view, and test system operations. The mode is
divided into two access levels: user and privileged. To access privileged-level EXEC mode, enter the
enable EXEC command at the user access level prompt and specify the admin password when prompted
for a password.
In TACACS+, the enable password feature allows an administrator to define a different enable password
per administrative-level user. If an administrative-level user logs in to the WAAS device with a
normal-level user account (privilege level of 0) instead of an admin or admin-equivalent user account
(privilege level of 15), that user must enter the admin password to access privileged-level EXEC mode.
WAE> enable
Password:
- Numerics 1
- OL-26579-01 10
- Audience 15
- Document Organization 15
- OL-23593-01 16
- Document Conventions 17
- Related Documentation 18
- Introduction to Cisco WAAS 21
- Traffic Optimization Process 23
- Key Services of Cisco WAAS 24
- Windows Scaling 25
- Increased Buffering 25
- Selective Acknowledgment 25
- Compression 26
- Benefits of Cisco WAAS 27
- File Services Features 28
- WAAS Print Services 29
- Virtualization 30
- WAAS Central Manager GUI 30
- WAAS Central Manager Menus 34
- Table 1-2 Menu Descriptions 35
- WAE Device Manager GUI 37
- WAAS CLI 38
- Autodiscovery of WAAS Devices 40
- WCCP Support 41
- PBR Support 41
- Inline Interception Support 42
- RAID Compatibility 42
- Streamlined Security 43
- SNMP Support 43
- Planning Your WAAS Network 45
- Planning Checklist 46
- Site and Network Planning 48
- Windows Network Integration 49
- UNIX Network Integration 50
- Firewalls and Directed Mode 51
- • Domain-name (option 15) 53
- • Host-name (option 12) 53
- Interoperability and Support 54
- Unicode Support Limitations 55
- WAAS Devices and Device Mode 59
- Changing Device Mode 60
- Step 5 Reenable CMS services 61
- IP ACLs on WAEs 69
- Interception ACLs on WAEs 70
- Logically Grouping Your WAEs 71
- Data Migration Process 72
- About Device Groups 75
- Working with Device Groups 76
- Creating a New Device Group 77
- Deleting a Device Group 80
- Working with Device Locations 83
- Creating Locations 84
- Deleting Locations 84
- Viewing the Location Tree 85
- Configuring AppNav 87
- Information About AppNav 88
- AppNav Policy 90
- Policies 91
- Nested Policies 92
- Site and Application Affinity 92
- Site Affinity 93
- Default Policy Behavior 94
- AppNav Controller 97
- WAAS Node 98
- Prerequisites 100
- Detailed Steps 101
- Configuring an AppNav Cluster 102
- Configuring AppNav Policies 105
- AppNav Class Maps 105
- Within an AppNav Policy 108
- Managing AppNav Policies 110
- Adding an ANC to a Cluster 117
- Monitoring an AppNav Cluster 120
- AppNav Connection Tracing 123
- Internet 131
- Configuring WCCP on WAEs 135
- • dst-ip-mask= 0x0 137
- • src-ip-mask= 0xF00 137
- Configuring the Egress Method 155
- Edge-Router1 159
- Core-Router1 159
- Step 5 Click Submit 177
- Figure 1-9 Inline Cluster 177
- Configuring Network Settings 181
- Configuring TCP Settings 201
- Congestion Windows 203
- Retransmit Time Multiplier 203
- TCP Slow Start 204
- Path MTU Discovery 204
- Configuring Static IP Routes 205
- Configuring CDP Settings 206
- Configuring the DNS Server 206
- Configuring Directed Mode 208
- Authorization, and Accounting 209
- Authorization 212
- Figure 1-5 Windows Domain Tab 227
- LDAP Server Signing 231
- WAAS Devices 234
- Viewing Audit Trail Logs 241
- Accounts and Groups 243
- Working with Accounts 245
- Creating a New Account 246
- Working with Passwords 250
- Working with Roles 251
- Creating a New Role 252
- Modifying and Deleting Roles 255
- Viewing Role Settings 255
- Working with Domains 256
- Adding an Entity to a Domain 257
- Working with User Groups 259
- Creating a New User Group 260
- Viewing User Groups 262
- 1. Required field 270
- Modifying Device Properties 275
- Managing Software Licenses 277
- Configuring NTP Settings 279
- Time Zone 282
- (in hours) 282
- Secure Store Overview 284
- Security Verification 295
- Using IPMI over LAN 298
- BMC Firmware Update 299
- Enabling IPMI Over LAN 300
- Managing WAAS Express Devices 301
- Configuring a User 304
- Configuring an NTP Server 307
- Step 4 Click Submit 309
- WAE Management Workflow 313
- Managing a Cisco WAE 313
- Control Option 314
- Configuration Option 318
- Viewing Network Settings 319
- Utilities Option 327
- Preposition Option 330
- Monitoring the WAE 332
- Monitoring Graphs 333
- Viewing WAE Logs 337
- Viewing Cisco WAE Logs 338
- Configuring File Services 341
- About File Services 342
- Automatic Discovery 343
- Data Coherency 343
- Prepositioning 345
- Data Concurrency 345
- Microsoft Interoperability 346
- Preparing for File Services 347
- About Preposition Directives 351
- Step 14 Click Submit 366
- Configuring DRE Settings 367
- Configuring HTTP Acceleration 367
- About HTTP Metadata Caching 369
- Configuring MAPI Acceleration 371
- Figure 1-7 Encrypted Services 377
- Disabling Encrypted MAPI 382
- Configuring SMB Acceleration 384
- Configuring ICA Acceleration 387
- Configuring SSL Acceleration 388
- Working with Cipher Lists 395
- SSL Auto Enrollment 400
- Viewing a Policy Report 417
- Viewing a Class Map Report 417
- Configuring Virtual Blades 425
- About Virtual Blades 426
- Guidelines and Limitations 438
- Configuring the NAM 438
- Configuring the Basic Setup 439
- Configuring a Site 441
- Definition Rules 442
- Viewing Defined Sites 443
- Defining Sites 444
- Editing a Site 445
- Deleting a Site 445
- Configuring a Data Source 447
- Editing a WAAS Data Source 449
- Deleting a WAAS Data Source 449
- Setting Preferences 450
- Navigation 451
- Top Talkers Dashboards 452
- Traffic Summary 453
- Top Talkers Details 453
- Throughput Dashboards 454
- Application 455
- Conversation Multisegments 455
- Maintaining Your WAAS System 457
- Upgrading the WAAS Software 458
- Deleting a Software File 464
- recovery CD-ROM ships with 467
- Preparing the USB Flash Drive 469
- Reload the module: 473
- Enabling Disk Encryption 486
- Monitoring Graphs and Charts 494
- Alarm Panel 495
- Device Alarms 496
- Viewing Device Information 498
- Device Dashboard Window 500
- Adding a Chart or Table 505
- Chart and Table Descriptions 506
- TCP Optimization Charts 507
- Acceleration Charts 508
- HTTP Acceleration Charts 509
- HTTPS Acceleration Charts 510
- Video Acceleration Charts 511
- SSL Acceleration Charts 512
- MAPI Acceleration Charts 512
- NFS Acceleration Charts 514
- SMB Acceleration Charts 515
- ICA Acceleration Charts 516
- Connection Trend Charts 517
- AppNav Charts 518
- Platform Charts 519
- Statistics Details (Tables) 520
- Traffic Summary Table 521
- Location Level Reports 528
- TCP Summary Report 528
- HTTP Acceleration Report 529
- HTTPS Acceleration Report 529
- Video Acceleration Report 529
- SSL Acceleration Report 530
- MAPI Acceleration Report 530
- NFS Acceleration Report 530
- SMB Acceleration Report 530
- ICA Acceleration Report 531
- Summary Report 531
- Topology Report 532
- Connection Trend Report 532
- Connections Statistics Report 532
- CIFS Acceleration Report 533
- Resource Utilization Report 534
- Disks Report 534
- Managing Reports 535
- Creating Custom Reports 536
- Viewing and Editing Reports 537
- Scheduling Reports 538
- Managing Scheduled Reports 539
- Configuring Flow Monitoring 540
- Alarms for Flow Monitoring 541
- Configuring and Viewing Logs 542
- Priority Levels 544
- Enabling Transaction Logging 545
- Transaction Logs 547
- Viewing the Audit Trail Log 549
- Viewing the Device Log 549
- Troubleshooting Tools 550
- Using Diagnostic Tests 551
- Using WAAS TCP Traceroute 553
- Configuring SNMP Monitoring 555
- SNMP Communication Process 556
- Supported SNMP Versions 557
- Supported MIBs 558
- CISCO-APPNAV-MIB 559
- CISCO-CDP-MIB 560
- CISCO-CONFIG-MAN-MIB 560
- CISCO-CONTENT-ENGINE-MIB 560
- CISCO-ENTITY-ASSET-MIB 560
- CISCO-SMI 561
- CISCO-WAN-OPTIMIZATION-MIB 561
- About SNMP 562
- ENTITY-MIB 563
- EVENT-MIB 564
- HOST-RESOURCES-MIB 564
- Downloading MIB Files 565
- Preparing for SNMP Monitoring 567
- Enabling SNMP Traps 567
- Defining SNMP Traps 570
- Specifying the SNMP Host 572
- Creating SNMP Views 574
- Creating an SNMP Group 575
- Creating an SNMP User 576
- APPENDIX 581
- LZ+TFO+DRE 7000–7009 584
- –7431, 7501, 7510 588
- Transaction Log Format 591
- Fully Optimized on both sides 593
- Pass-Through Connection 594
- System Restart 594
Related products and manuals for Networking Cisco Wide Area Virtualization Engine 274
Networking Cisco OL-6900-01 User Manual
(126 pages)
(126 pages)
Networking Cisco RT31P2-NA User Manual
(73 pages)
(73 pages)
Networking Cisco 675E User's Guide
(50 pages)
(50 pages)
Networking Cisco PXM Version 1.1 User's Guide
(972 pages)
(972 pages)
Networking Cisco uBR904 Specifications
(38 pages)
(38 pages)
Networking Cisco WS-C3020 User Manual
(8 pages)
(8 pages)
Networking Cisco AG310 User's Guide
(87 pages)
(87 pages)
Networking Cisco NSLU2 Datasheet
(14 pages)
(14 pages)
Networking Cisco WRT160NL User Manual
(68 pages)
(68 pages)
(50 pages)© 2020, manymanuals.com. All rights reserved. | 0.053 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals