Cisco Systems 3.5 Server User Manual


 
Cisco Access Registrar 3.5 Concepts and Reference Guide
OL-2683-02
Chapter 2 Understanding Cisco Access Registrar
Program Flow
The secondary server will not know about the current active sessions that are maintained on the
primary server. Any resources managed by the secondary server must be distinct from those
managed by the primary server; otherwise it will be possible to have two sessions with the same
resources (for example, two sessions with the same IP address).

The primary server will miss important information that allows it to maintain a correct model of
what sessions are currently active (because the authentication and accounting requests are being sent
to the secondary server). This means that when the primary server comes back online and the NAS begins
using it, its knowledge of what sessions are active will be out-of-date, and the resources for those
sessions will remain allocated even if they are free to allocate to someone else.

For example, the user-session-limit resource may reject new sessions because the primary server
does not know that some of the users using the resource logged out while the primary server was off-line.
It may be necessary to release sessions manually using the aregcmd command release-session.

Note: It may be possible to avoid this situation by having a disk drive shared between two systems
with the second RADIUS server started up once the primary server has been determined to
be off-line. For more information on this setup, contact Technical Support.
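
The stale-session condition described above, replayed over constructed accounting events to show which sessions the primary server still counts as active after failover and would need releasing. This is an added example, not code from the Cisco guide or from Access Registrar. The event tuples, server names, pool addresses, the simplified session-limit check, and the functions active_sessions, reconcile and would_reject are assumptions made for illustration.

```python
# Constructed sample data: (time, receiving server, type, user, session id, IP).
# The secondary hands out addresses from a pool distinct from the primary's.
EVENTS = [
    (1, "primary",   "Start", "alice", "s1", "10.0.0.1"),
    (2, "primary",   "Start", "bob",   "s2", "10.0.0.2"),
    # Primary goes off-line here; the NAS fails over to the secondary.
    (3, "secondary", "Stop",  "alice", "s1", "10.0.0.1"),
    (4, "secondary", "Start", "carol", "s3", "10.0.1.1"),
    (5, "secondary", "Stop",  "bob",   "s2", "10.0.0.2"),
    (6, "secondary", "Start", "bob",   "s4", "10.0.1.2"),
    # Primary is back online and the NAS uses it again.
    (7, "primary",   "Start", "dave",  "s5", "10.0.0.3"),
]


def active_sessions(events, server=None):
    """Replay Start/Stop events in time order.

    server=None replays every event (what is really active on the NAS);
    otherwise only the events that one server received (its own model).
    """
    active = {}
    for _, srv, kind, user, sid, ip in sorted(events):
        if server is not None and srv != server:
            continue
        if kind == "Start":
            active[sid] = (user, ip)
        elif kind == "Stop":
            active.pop(sid, None)
    return active


def reconcile(events, server="primary"):
    """Return (stale, unknown) sessions for one server's model."""
    truth = active_sessions(events)
    view = active_sessions(events, server)
    stale = {s: v for s, v in view.items() if s not in truth}    # to release
    unknown = {s: v for s, v in truth.items() if s not in view}  # never seen
    return stale, unknown


def would_reject(events, user, limit, server="primary"):
    """Simplified per-user session limit, judged from one server's model."""
    held = active_sessions(events, server).values()
    return sum(1 for u, _ in held if u == user) >= limit


if __name__ == "__main__":
    stale, unknown = reconcile(EVENTS)
    print("stale on primary (candidates for release):", stale)
    print("active but unknown to primary:", unknown)
    print("alice rejected at limit 1:", would_reject(EVENTS, "alice", 1))
```

The stale set is the list an operator would work through with release-session. The unknown set shows why the secondary's resources must not overlap the primary's.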
Script Processing Hierarchy
For request packets, the script processing order is from the most general to the most specific. For
response packets, the processing order is from the most specific to the most general.
Table 2-6, Table 2-7, and Table 2-8 show the overall processing order and flow:
(1-6) Incoming Scripts, (7-11) Authentication/Authorization Scripts, and (12-17) Outgoing Scripts.

Note: The client and the NAS can be the same entity, except when the immediate client is acting
as a proxy for the actual NAS.

Table 2-6 Cisco Access Registrar Processing Hierarchy for Incoming Scripts

Overall Flow Sequence    Incoming Scripts
1)                       Radius
2)                       Vendor of the immediate client
3)                       Immediate client
4)                       Vendor of the specific NAS
5)                       Specific NAS
6)                       Service

Table 2-7 Cisco Access Registrar Processing Hierarchy for Authentication/Authorization Scripts

Overall Flow Sequence    Authentication/Authorization Scripts
7)                       Group Authentication
8)                       User Authentication
9)                       Group Authorization