Configuring a front line cisco access registrar – Cisco Cisco Access Registrar 3.5 User Manual

2-10

Cisco Access Registrar 3.5 Concepts and Reference Guide

OL-2683-02

Chapter 2 Understanding Cisco Access Registrar

Cross Server Session and Resource Management

When the front line Cisco AR server receives the access-request, it does the regular AA processing. If
the packet is not rejected and a Central Resource Cisco AR server is also configured, the front line Cisco
AR server will proxy the packet

1

to the configured Central Resource Cisco AR. If the Central Resource

Cisco AR server returns the requested resources, the process continues to the local session management
(if local session manager is configured) for allocating any local resources. If the Central Resource Cisco
AR server cannot allocate the requested resource, the packet is rejected.

When the Accounting-Stop packet arrives at the frontline Cisco AR, it does the regular accounting
processing. Then, if the front line Cisco AR server is configured to use Central Resource Cisco AR, a
proxy packet will be sent to Central Resource Cisco AR server for it to release all the allocated resources
for this session. After that, any locally allocated resources are released by the local session manager.

Session-Service Service Step and Radius-Session Service

A new Service step has been added in the processing of Access-Request and Accounting packets. This
is an additional step after the AA processing for Access packet or Accounting processing for Accounting
packet, but before the local session management processing. The Session-Service should have a service
type of Radius-Session.

An environment variable Session-Service is introduced to determine the Session-Service dynamically.
You can use a script or the policy engine to set the Session-Service environment variable.

Configuring a Front Line Cisco Access Registrar

To use a Central Resource server, the DefaultSessionService property must be set or the Session-Service
environment variable must be set through a script or the policy engine. The value in the Session-Service
variable overrides the DefaultSessionService.

The configuration parameters for a Session-Service service type are the same as those for configuring a
radius service type for proxy, except the service type is radius-session.

The configuration for a Session-Service Remote Server is the same as configuring a proxy server.

[ //localhost/Radius ]

Name = Radius

Description =

Version = 1.7R0

IncomingScript =

OutgoingScript =

DefaultAuthenticationService = local-users

DefaultAuthorizationService = local-users

DefaultAccountingService = local-file

DefaultSessionService = Remote-Session-Service

DefaultSessionManager = session-mgr-1

[ //localhost/Radius/Services ]

Remote-Session-Service/

Name = Remote-Session-Service

Description =

Type = radius-session

1. The proxy packet is actually a resource allocation request, not an Access Request.