18-12
User Guide for the Cisco Application Networking Manager 5.2
OL-26572-01
Chapter 18    Administering the Cisco Application Networking Manager
Configuring User Authentication and Authorization
Authentication Server
Hostname or IP address of a RADIUS, TACACS+, or LDAPS server for remote user authentication.

Note    Setting the server with this command is mandatory if you set the Authentication attribute to anything other than the default (local). If you select a remote authentication method, you might need to specify a separate user ID for the authentication server. For AD/LDAPS, you must provide the FQDN of the server (which must be in the user's authenticating domain).

Note    ANM supports LDAPS only through Active Directory (AD).
Authentication Port (Optional)
Destination port for communicating authentication requests to the authentication server, as follows:

•  RADIUS—By default, the RADIUS authentication port is UDP 1812 (as defined in RFC 2138; RFC 2139 assigns UDP 1813 to RADIUS accounting, and some older servers still listen on the legacy port 1645). If your RADIUS server uses a port other than 1812, configure ANM for the appropriate port. Valid values are from 1 to 65535.

•  TACACS+—By default, the TACACS+ authentication port is TCP 49 (the port assigned to TACACS in RFC 1492; TACACS+ itself is now specified in RFC 8907). If your TACACS+ server uses a port other than 49, configure ANM for the appropriate port. Valid values are from 1 to 65535.

•  LDAPS—By default, the LDAPS server port is TCP 636. If your LDAP server uses a port other than 636, configure ANM for the appropriate port. Valid values are from 1 to 65535.
Secondary Authentication Server (Optional)
Hostname or IP address of the secondary RADIUS, TACACS+, or LDAPS server used for authentication if the primary server is unavailable.

Secondary Authentication Port (Optional)
Destination port on the secondary RADIUS, TACACS+, or LDAPS server for communicating authentication requests if the primary server is unavailable.
Authentication Secret
String shared between Cisco ANM and the AAA server to protect the traffic between them. This string must be identical on ANM and on the AAA server.

Note    The shared secret does not encrypt the whole exchange. In RADIUS it hides only the User-Password attribute and authenticates the server's reply; the user name and all other attributes are sent in cleartext. In TACACS+ it obfuscates the packet body with an MD5-derived keystream, which is not strong confidentiality. For LDAPS, transport protection comes from TLS rather than from a shared secret. Use a long, random secret, and carry RADIUS and TACACS+ traffic only over a network path you trust.
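The following Python is an added example, not code from the ANM guide or from Cisco. It builds a RADIUS Access-Request the way a RADIUS client such as ANM does and shows exactly what the Authentication Secret protects: the User-Password attribute is hidden with an MD5 keystream derived from the secret and the Request Authenticator (RFC 2865 section 5.2), while User-Name and NAS-IP-Address travel in cleartext. The secret, user name, password and NAS address are constructed sample data.

```python
import hashlib
import os
import struct

# Added example, not code from the ANM guide. Constructed sample value:
# the string entered in the Authentication Secret field, configured
# identically on ANM and on the RADIUS server.
SHARED_SECRET = b"anm-radius-secret"

# RADIUS code and attribute types from RFC 2865 (which obsoletes RFC 2138).
ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2
ATTR_NAS_IP_ADDRESS = 4


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding.

    The password is NUL-padded to a multiple of 16 bytes and each block is
    XORed with MD5(secret + previous ciphertext block); the first block uses
    the 16-byte Request Authenticator. Only this attribute is protected by
    the shared secret; the rest of the packet is sent in the clear.
    """
    if not password or len(password) > 128:
        raise ValueError("password must be 1..128 bytes")
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out = bytearray()
    prev = authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += block
        prev = block
    return bytes(out)


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password, as performed by the RADIUS server.

    A wrong secret yields garbage rather than an error, which is why the
    secret must be identical on both sides. Trailing NUL padding is stripped.
    """
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    out = bytearray()
    prev = authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return bytes(out).rstrip(b"\x00")


def attribute(atype: int, value: bytes) -> bytes:
    """Type-Length-Value encoding; Length covers the 2-byte header."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def build_access_request(username: bytes, password: bytes, nas_ip: str,
                         secret: bytes, identifier: int = 0,
                         authenticator: bytes = None) -> bytes:
    """Build the Access-Request a RADIUS client sends. The authenticator
    should be 16 random bytes; a fixed value is accepted only for tests."""
    authenticator = authenticator or os.urandom(16)
    attrs = (attribute(ATTR_USER_NAME, username)
             + attribute(ATTR_USER_PASSWORD, hide_password(password, secret, authenticator))
             + attribute(ATTR_NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def parse_attributes(packet: bytes) -> dict:
    """Return {type: value} for the attributes after the 20-byte header."""
    attrs, i = {}, 20
    while i < len(packet):
        atype, alen = packet[i], packet[i + 1]
        if alen < 2:
            raise ValueError("malformed attribute length")
        attrs[atype] = packet[i + 2:i + alen]
        i += alen
    return attrs


if __name__ == "__main__":
    ra = os.urandom(16)
    pkt = build_access_request(b"anmadmin", b"S3cret!", "192.0.2.10", SHARED_SECRET, 7, ra)
    a = parse_attributes(pkt)
    print("User-Name on the wire:", a[ATTR_USER_NAME])            # cleartext
    print("User-Password on the wire:", a[ATTR_USER_PASSWORD].hex())
    print("Recovered by the server:", reveal_password(a[ATTR_USER_PASSWORD], SHARED_SECRET, ra))
```

Running the script prints the user name exactly as it appears in the packet and the hidden password as 16 opaque bytes; decoding with a mismatched secret returns garbage, which a server would simply reject as a bad password. That is the practical meaning of "must be identical on both sides".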
Remote Authorization (Optional)
Field that appears only when the Authentication attribute is set to TACACS+. Determines whether ANM or the TACACS+ server performs user authorization. Uncheck the check box to have ANM perform user authorization locally (this is the default setting). Check the check box to enable remote authorization by the TACACS+ server. If you enable remote authorization, you must configure the TACACS+ server with the role and domain information associated with each user (see the "Configuring Remote User Authorization Using a TACACS+ Server" section on page 18-45).

Note    All role and domain definitions are stored locally on ANM (see the "Managing User Roles" section on page 18-25 and the "Managing Domains" section on page 18-32). The TACACS+ server can therefore only refer to roles and domains that already exist on ANM; it cannot define new ones.
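As an added example (not the guide's or Cisco's code), the following Python shows the decision that the Remote Authorization setting implies: with the box unchecked, the user's locally assigned roles and domains apply; with it checked, the role and domain names carried in the TACACS+ authorization reply are used, but only when they match definitions that already exist locally, otherwise access is denied (fail closed). The attribute names role and domain, the local role and domain sets, and the reply contents are hypothetical; the real attribute names are given in the section referenced above. Status values and the mandatory/optional argument separators follow RFC 8907.

```python
from dataclasses import dataclass

# Added example, not code from the ANM guide or from Cisco.
# TACACS+ authorization REPLY status values (RFC 8907).
PASS_ADD, PASS_REPL, FAIL, ERROR = 0x01, 0x02, 0x10, 0x11

# Constructed stand-ins for the role and domain definitions that ANM stores
# locally (Managing User Roles / Managing Domains pages).
LOCAL_ROLES = {"Network-Admin", "Network-Monitor"}
LOCAL_DOMAINS = {"default", "dc-east"}

# Hypothetical AV-pair attribute names; the real names are documented in the
# "Configuring Remote User Authorization Using a TACACS+ Server" section.
ROLE_ATTR = "role"
DOMAIN_ATTR = "domain"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    roles: frozenset = frozenset()
    domains: frozenset = frozenset()
    reason: str = ""


def parse_av_pair(arg: str):
    """Split a TACACS+ argument at its first '=' (mandatory) or '*' (optional)
    separator. Returns (name, value, mandatory)."""
    seps = [i for i in (arg.find("="), arg.find("*")) if i >= 0]
    if not seps:
        raise ValueError(f"malformed AV pair: {arg!r}")
    idx = min(seps)
    return arg[:idx], arg[idx + 1:], arg[idx] == "="


def authorize(remote_authorization: bool, local_assignment=None,
              reply_status=None, reply_args=()):
    """Decide a user's roles and domains.

    remote_authorization False -> the default: ANM uses its own user record,
        given here as (roles, domains).
    remote_authorization True  -> use the TACACS+ authorization REPLY, but
        accept only role and domain names that already exist locally.
    """
    if not remote_authorization:
        roles, domains = local_assignment
        return Decision(True, frozenset(roles), frozenset(domains), "local authorization")

    if reply_status not in (PASS_ADD, PASS_REPL):
        return Decision(False, reason=f"TACACS+ authorization status {reply_status!r}")

    roles, domains = set(), set()
    for arg in reply_args:
        name, value, mandatory = parse_av_pair(arg)
        if name == ROLE_ATTR:
            roles.add(value)
        elif name == DOMAIN_ATTR:
            domains.add(value)
        elif mandatory:
            # A mandatory argument the client cannot honour fails the
            # authorization; unknown optional arguments are ignored.
            return Decision(False, reason=f"unsupported mandatory attribute {name!r}")

    unknown = (roles - LOCAL_ROLES) | (domains - LOCAL_DOMAINS)
    if unknown:
        # Definitions live on ANM, so a name the server made up is not an error
        # to tolerate: deny rather than guess at the intended privilege.
        return Decision(False, reason=f"not defined locally on ANM: {sorted(unknown)}")
    if not roles:
        return Decision(False, reason="TACACS+ reply carried no role")
    return Decision(True, frozenset(roles), frozenset(domains), "remote authorization")


if __name__ == "__main__":
    print(authorize(False, ({"Network-Monitor"}, {"default"})))
    print(authorize(True, None, PASS_ADD, ["role=Network-Admin", "domain=dc-east"]))
    print(authorize(True, None, PASS_ADD, ["role=Superuser"]))
    print(authorize(True, None, FAIL, []))
```

The point of the fail-closed branch is the Note above: because ANM is the only place roles and domains are defined, a reply naming an unknown role is a configuration mismatch between the two systems, and the safe response is to deny the login until the TACACS+ attribute and the local definition agree.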
Table 18-2    Organization Attributes (continued)

Attribute    Description