|
|
The following table lists configurable text files in the CiscoSecure ACS 2.3 for UNIX product:
$BASEDIR/config/CSU.cfg AAA Server control file $BASEDIR/config/CSConfig.ini DBServer configuration file $BASEDIR/ns-home/docs/CScgi/CSS_Config.ini CGI configuration file $BASEDIR/ns-home/admserv/ns-admin.conf Netscape Admin Server configuration file $BASEDIR/ns-home/httpd-websrvr/config /magnus.conf where websrvr is the name displayed when you enter uname -n at the web server. Netscape Web Server configuration file $BASEDIR/FastAdmin/turbo.conf Acme Web Server config file $BASEDIR/CSU/libenigma.conf Secure Computing SafeWord AS config file $BASEDIR/CSU/libdb.conf AAA Server DBClient configuration file $BASEDIR/utils/bin/env_setup CSdbTool/ExecSQL configuration file $BASEDIR/utils/CSProperties.txt CSimport/CSmigrate configuration file
Table 16-1: Configuration Files for CiscoSecure ACS
Path and Filename
Description
 |
Caution In addition to the configuration files mentioned above, there are also many script files that have the path to where CiscoSecure is installed hard-coded. For this reason, we never recommend moving the directory where the CiscoSecure ACS 2.3 for UNIX software is installed. |
The syntax of the server control file is similar to that of C-language syntax. Each statement or grouping is terminated by a semicolon. Comments begin with the characters "/*" and end with the characters "*/". Lines can be continued on a successive line by ending them with a back-slash (\).
The variables shown in Table 16-2 are either valid in the CSU.cfg file or appear there when the CiscoSecure ACS is installed.
String /var/log The file where accounting records are stored in case of database failure. Example: Number 1 (enable) Whether to enable or disable inclusion of per user group membership information in an accounting record if a user profile has the "accounting feature" attribute added. When this function is disabled, an accounting record for a user session will not insert group information in the accounting record. 1 = enable; 0 = disable Example: For details on the accounting feature attribute and group membership accounting information, see "Tuning CiscoSecure ACS Performance and Configuration." Number 5 (seconds) Number of seconds to maintain group profile records in the ACS profile cache. Normally group profiles are maintained in the profile cache for only short periods to save system memory; however, if group profile information is frequently accessed for ACS authentication, authorization, and accounting functions, you can improve performance by extending the seconds a group profile remains in cache before timing out. 0 = no timeout Example: Number 1 (enable) Whether to enable or disable the use of the caller ID as a username when a username cannot be found. If the caller ID support feature is not required, Cisco recommends disabling it to improve authentication performance. 1 = enable; 0 = disable Example: For details on caller ID support, see the section Caller ID Profile-Sample Configuration in the chapter, "Strategies Applying Attributes" in the CiscoSecure ACS 2.3 for UNIX User Guide. Number 1 (enable) Whether to enable or disable use of the default user profile if the user/callerID cannot be found. If the default user/caller ID support feature is not required, Cisco recommends disabling it to improve authentication performance. 1 = enable; 0 = disable Example: config_distmaxsessions 0 (disable) Whether to enable or disable the Distributed Session Manager (DSM) features in CiscoSecure ACS 2.3 for UNIX packages with the optional DSM module. Even if you installed CiscoSecure with the licensed DSM module, you must enable this variable after installation to enable the DSM features. The enabled setting is valid only if the optional DSM module has been licensed and installed. Normally, this setting is enabled through the Max Sessions Enabled field in the CiscoSecure Administrator AAA>General web page. Important: If this variable is enabled, then the config_maxsessions_enable variable, which enables limited AAA server-based max sessions control, must be disabled. Number 60 (days) Number of days before a (new) password changed via CHPASS expires. Example: Number 1 (true) Whether the AAA server should perform IP address-to-hostname lookups. Example: Number 0 (disable) Whether to enable or disable use of hex string in the RADIUS string type. This variable can be toggled to enable ACS output of raw binary data required by certain models of U.S. Robotics NASes. If this function is enabled, you can enter any binary string by using "0x" followed by the hexadecimal representation of the string you wish to output. For example, "0x30313a3222" would generate "01:23." 1 = enable; 0 = disable Example: List None The license key used to enable the product. Example: Number 300 (seconds) Maximum number of seconds to hold an idle NAS connection open. Example: Number 0x7E Configure logging parameters.The default (0x7E) turns on all the standard logging levels. Additional details and debugging information can be configured through options in the CiscoSecure ACS AAA General web page, described in "Managing General Settings on the ACS" in the chapter "ACS and NAS Management" of the CiscoSecure ACS 2.3 for UNIX User Guide. Example: Number 10 The maximum number of failed authentications allowed until a profile is disabled. This feature minimizes the possibility of successful "random password generator" attacks on CiscoSecure user accounts. This setting is normally determined by the value you specify for the Max Failed Authentications field in the CiscoSecure ACS AAA General web page. Number 0 (disable) Whether to enable or disable the limited AAA server implementation of max sessions checking of groups or users. 1 = enable; 0 = disable Example: Normally, this setting is enabled through the Max Sessions Enabled field in the CiscoSecure Administrator AAA>General web page. Number 1440 (minutes) Number of minutes after which a session will be considered closed by the limited AAA max sessions counter. The purpose of this variable is to remove from the max sessions count sessions that should be timed out, but that, for some reason, have not been noted as closed or decremented by the max session counter. It does not actually enforce closure of the session in the NAS. Example: Number 60 (minutes) Interval in minutes between checking the possible timeout of sessions for the purpose of updating the max sessions counter. Example: Number 0 (disable) Whether to enable or disable AAA server metrics monitoring. This feature records AAA server performance statistics (such as transactions per second, total authentications) in the csuslog file. 1 = enable; 0 = disable Example: For a description of the AAA server metrics, see "Troubleshooting "Severe SQL Error" Messages" in "Troubleshooting Information." See the config_metrics_log_interval description for other related information. Number 8 (seconds) Number of seconds between the AAA metrics updates to the csuslog file. See the config_metrics_enable description in this table for related information. Example: NAS None Specifies for each TACACS+ NAS client, the NAS host name, the secret encryption key, message catalog, username retries allowed, password retries allowed, default NAS configuration (1/0), trusted NAS for SEND pass (1/0), and password expiration period in days. Example: Number 1 (on) Decide whether to TCP_NODELAY on TCP1 sockets, and thus turn off the Nagel algorithm. Should be left ON for performance reasons. Example: Number 1 Privilege level at which a user can change his/her own password. Example: Number 16384 (16 KB) Buffer size to allocate for receive function in each TCP connection. Example: Number 5 This variable is no longer used. Number 16384 (16 KB) Buffer size to allocate for send function in each TCP connection. Example: String NA The IP address of the CiscoSecure ACS. Do not change this value. Number 0x80 Syslog facility under which to log. Example: Number -4 System priority to assign the CiscoSecure ACS daemon. Example: Number 86400 (seconds The absolute number of seconds that a token password will be cached for users being authenticated through the CiscoSecure ACS. This is the time out for the tokens that are using method=session. There are cases where a token can remain valid forever if the stop record was lost. This is meant to be a safeguard parameter that does not allow any token (method=session) to remain valid beyond the configured time. This setting is normally determined by the value you specify for the Token Cache Absolute Timeout field in the CiscoSecure ACS AAA General web page. String None This variable is no longer used Number 1 (on) Determines whether SO_KEEPALIVE on TCP sockets should be set. Example: Number 20 (days) Number of days before a password expires during which the user is warned that his or her password will expire soon. Example:
Table 16-2: Variables in the CSU.cfg Files
Type
Name
Default
Description and Example
/CSAccounting
LogSTRING config_acct_filename = "/spec/Acct";
NUMBER config_acct_fn_enable = 0;
NUMBER config_cache_group_timeout = 240
NUMBER config_callerid_enable = 0;
NUMBER config_defaultuser_enable = 0;
_enable
NUMBER config_expiry_period = 30;
NUMBER config_get_names_from_dns = 0;
NUMBER config_hex_string_support_enable = 1
LIST config_license_key = {"061db8afcf66db981f3c"};
NUMBER config_limit_for_idle_connection = 300;
NUMBER config_logging_configuration = 0x7E
NUMBER
config_logging_configuration = 0xffffffff; /* allow RADIUS debug */
NUMBER
config_logging_configuration = 0xffffff7f; /* no RADIUS debug */
NUMBER config_maxsessions_enable = 1;
Note If this parameter is enabled, then the config_distmaxsessions_enable parameter, which enables full DSM-based max sessions control, must be disabled.
NUMBER config_maxsessions_session_timeout = 60;
Note This variable applies only to the limited AAA server implementation of max sessions checking. For details on this variable see the "Tuning AAA Server-Based Timed Out Max Sessions Counts" section.
NUMBER config_maxsessions_purge_interval = 90;
Note This variable applies only to the limited AAA server implementation of max sessions checking. For details on this variable see the "Tuning AAA Server-Based Timed Out Max Sessions Counts" section.
NUMBER config_metrics_enable = 1;
Note AAA server metrics information can cause the csuslog file to grow extremely large. Cisco recommends enabling this feature only for short periods of time.
NUMBER config_metrics_log_interval = 10;
NAS
config_nas_config = {
{
"NAS_NAMEA", "SECRET12345","./cat_1",1,3,1,1,30
}
{
"NAS_NAMEB", "SECRET16789","./cat_1",1,3,0,0,30
}
}
NUMBER config_nodelay_for_tcp = 1;
NUMBER config_priv_level_for_own_CHPASS = 1;
NUMBER config_receive_buffer_size = 8192;
NUMBER config_send_buffer_size = 8192;
NUMBER config_system_logging_level= 0x80;
NUMBER config_system_priority_level = -4;
in one day)
NUMBER config_use_keepalives = 1;
NUMBER config_warning_period = 10;
1TCP = Transmission Control Protocol.
To improve authentication performance, you can set some of the CSU.cfg variables described in Table 16-2 to disabled status if the feature they toggle is not required for your operation. Disabling unneeded optional features improves authentication performance by stopping processes that require additional system time.
The following variables can be set to disable if you do not require the feature that they toggle on and off (for example: config_maxsessions_enable = 0):
For any of these listed variables, check the description in Table 16-2 to decide whether you need the feature they enable or not.
Two CSU.cfg variables enable AAA server metrics information in the csuslog file keeps a running total of the authentication checks, accounting, max sessions, and profile information requests sent to the relational database management system (RDBMS), and the current rate of authentication checks performed per second.
To activate AAA server metrics logging, set the following parameters and values in the $BASEDIR/config/CSU.cfg file:
config_metrics_enable = 1 config_metrics_log_interval = interval_seconds
where interval_seconds is the interval, in seconds, between AAA metrics polling.
Typical AAA metric data output to a csuslog file, is shown below:
Mar 9 06:11:33 srv1 Total Authentications = 3176 APS = 0.0 Mar 9 06:11:33 srv1 TotalReqs TotalSec Mar 9 06:11:33 srv1 Accounting 3164 901.85 Mar 9 06:11:33 srv1 MaxSessions 3176 463.81 Mar 9 06:11:34 srv1 Profile 2974 248.26
Each log entry line displays the date and time of the entry and the name of the AAA server doing the processing. Other values displayed include:
|
Note The values in the TotalReqs and TotalSec columns are based on the database requests made and the processor seconds consumed since the last time the CSU.cfg variable config_metrics_enable was disabled and reenabled and the CiscoSecure ACS was reinitialized. |
After AAA server-based max sessions control is enabled, the AAA server-based session counter follows default CSU.cfg file settings to carry out a maintenance routine that identifies and cleans out the records of timed out sessions from CiscoSecure users' session counts. By default the AAA server-based session counter considers sessions over 1440 minutes (24 hours) to be timed out and purges the record of such sessions from its session count every 60 minutes.
You can edit the following variables in the CSU.cfg file to adjust these parameters:
|
Note This setting does not actually close or time out a CiscoSecure session; rather, it is used to "clean up" the records of sessions that should have already closed or timed out but that, for some reason, have not been noted as closed by the max sessions counter and thus not decremented. To set actual time out values for your users' CiscoSecure sessions, apply the TACACS+ timeout attribute or the RADIUS session-timeout attribute to their group or user profiles. |
The CSConfig.ini file tunes the performance of the DBServer module of the CiscoSecure ACS software.
You can edit the CSConfig.ini file to restrict administrative access to the CiscoSecure ACS Administrator web pages and command-line interface (CLI) to a specified list of workstations to which you have assigned IDs.
Step 2 Insert or edit the following lines in the [ValidClients] section of the CSConfig.ini file:
[ValidClients]
ID_num = my_wrk_station
.
.
.
ValidateClients = {true|false}
where:
|
Note Repeat the line ID_num = my_wrk_station to assign a unique ID number to every workstation with which you want to access the CiscoSecure ACS Administrator web pages or the CLI. |
Step 3 After editing the CSConfig.ini file, restart the CiscoSecure ACS to apply the changes.
CiscoSecure enables the "Valid Client" feature in the CSConfig.ini configuration file by default in release 2.3(5) and later; previously, this feature was disabled by default. This feature requires a valid list of ip addresses (trusted hosts) to access the DBserver. A configuration parameter "FastAdminValidClients" was added which allows the Fast Administration web-based GUI to permit the same IP addresses specified in the valid clients list. This configuration changes enable a higher default security level in the CiscoSecure product.
In the following example:
[ValidClients] 100 = ws-barrylee 120 = ws-pameagan ValidateClients = true
two workstations, with the FQDNs of ws-barrylee and ws-pameagan, are authorized to access the CiscoSecure administration tools. The setting ValidateClients = true stops any workstation not specifically listed in the [ValidClients] section from accessing the CiscoSecure ACS web pages or CLI.
In the following example:
[ValidClients] 100 = ws-barrylee 120 = ws-pameagan ValidateClients = false
the setting ValidateClients = false allows any workstation to access the CiscoSecure ACS web pages or the CLI, whether or not it is specifically listed in the [ValidClients] section.
LogRawAccountingPacketToDB enable Enables writing of log account packets in the RDBMS cs_accounting_log database table. BufferAccountingPackets enable Enables buffering of account packets in memory before storing in the RDBMS. If this setting is enabled, the DBServer module creates enough buffers to match the number of database connections available minus 2 up to a maximum of 8 buffers. AccountingBufferSize 500 Specifies, in bytes, the size of each packet buffer. Permissible values range from 5 to 10000. ProcessInMemoryMaxSessionInfo enable Enables processing of user max sessions information to save in memory. Supports limited DBServer-based max sessions counting. Normally, this setting is enabled or disabled through the Max Sessions Enabled field in the CiscoSecure Administrator AAA>General web page. ArchiveMaxSessionInfoToDB enable Enables writing of user max sessions information to the RDBMS cs__user_accounting database table. Supports limited DBServer-based max sessions counting. Normally, this setting is enabled or disabled through the Max Sessions Enabled field in the CiscoSecure Administrator AAA>General web page. AcctPurgeInterval 60 Specifies, in minutes, the minimum interval between the times that the system checks for accounting sessions to purge. Because this purge check interval is dependent upon internal variably-timed DBServer processes, the value set here is not accurate to the minute. For example, the setting: does not necessarily guarantee that a purge check will be performed every 75 minutes. It does guarantee that a purge check will be performed no more frequently than once every 75 minutes. The actual interval between purge checks could be anything from 75 minutes to 135 minutes. The minimum value for this parameter is 60 minutes. For details on this parameter see the "Tuning DBServer-based Timed Out Max Sessions Counts" section. AcctPurgeTimeOut 1440 Specifies the maximum number of minutes that a CiscoSecure session can remain open before the system assumes it is timed out and purges it. This value is dependent on the AcctPurgeInterval setting and is not accurate to the minute. It is not intended to be set to less than 60. For details on this parameter see the "Tuning DBServer-based Timed Out Max Sessions Counts" section.
Table 16-3: Accounting Management Parameters in the CSConfig.ini File
Parameter
Default
Description and Example
Note In case of sudden termination of the DBServer module (that is, situations where the DBServer is terminated before it can issue a "DBServer has shut down" message), records in this buffer will be lost.
Note If full DSM-based max sessions counting, or limited AAA server-based max sessions counting are enabled, this parameter must be disabled.
Note If the BufferAccountingPackets and ProcessInMemoryMaxSessionInfo parameters are enabled, then max sessions information records will be buffered as well.
Note If full DSM-based max sessions counting, or limited AAA server-based max sessions counting are enabled, this parameter must be disabled. AcctPurgeInterval = 75
The buffering of accounting records in memory carries an inherent risk of record loss in the unlikely event that the DBServer terminates ungracefully or is unable to write to the RDBMS for some other reason. To minimize this risk, you can set the BufferAccountingPackets and ProcessInMemoryMaxSessionInfo parameters to disable to stop accounting record buffering; however, doing so will adversely and substantially affect accounting performance.
|
Note The information in this section applies only to changes to the database that are not made through the CiscoSecure DBServer but through third-party utility programs or CiscoSecure user database replication operations. |
You can edit the DBPollInterval parameter in the [ProfileCaching] section of the $BASEDIR/config/CSConfig.ini file to modify the CiscoSecure profile caching interval. The syntax is:
DBPollInterval=caching_interval
where caching_interval specifies the interval, in minutes, between profile cache updates from the RDBMS. For example, the default setting of every 30 minutes is specified as:
DBPollInterval=30
Seconds can be specified as fractions of minutes. For example:
DBPollInterval=1 1/2
DBPollInterval=15/60
Once DBServer-based max sessions control is enabled, the DBServer-based session counter follows default CSConfig.ini file settings to carry out a maintenance routine that identifies and cleans out the records of timed out sessions from CiscoSecure users' session counts. By default the DBServer-based session counter considers sessions of over 1440 minutes (24 hours) to be timed out and purges the record of such sessions from its session count every 60 minutes.
You can edit the following parameters in the [AccountingMgr] section of the CSConfig.ini file in the to modify these default settings:
AcctPurgeInterval = 75 |
Note This setting does not actually close or time out a CiscoSecure session, rather it is used to "clean up" the records of sessions that should have already closed or timed out but that, for some reason, have not been noted as closed by the max sessions counter and thus not decremented. To set actual timeout values for CiscoSecure sessions, apply the TACACS+ timeout attribute or the RADIUS session-timeout attribute to a group or user profile. |
Message catalogs allow system administrators to redefine the set of messages sent by the CiscoSecure ACS to the users connecting to a particular NAS. Message catalogs are editable text files containing message strings that can be customized to support particular groups of users on a per-NAS basis.
A system administrator can customize multiple message catalogs to set up specific TACACS+-enabled NASes to support users of specific language backgrounds logging in to the network.
For example, to set up a specific NAS to display Spanish language messages and prompts to the users dialing in, a system administrator can edit and rename an existing message catalog, substituting Spanish language message strings for the message strings already there. (A line in a message catalog consists of a CiscoSecure message ID and a message string. The message ID is not configurable. The message string can be whatever characters you specify.)
The system administrator can then associate that message catalog with the target NAS.
Multiple message catalogs can be set up to support multiple NASes, each NAS with a different user community based on language.
Each TACACS+-enabled NAS served by a CiscoSecure ACS can have a different message catalog assigned to it if necessary.
You can assign TACACS+-enabled NASes a message catalog through the NAS Message Catalog filename field in the AAA NAS page on the CiscoSecure ACS Administrator web site (See "Managing Profiles for TACACS+-Enabled NASes" in the chapter "ACS and NAS Management" of the CiscoSecure ACS 2.3 for UNIX User Guide.)
|
Note You cannot assign specific message catalogs to NASes enabled for RADIUS-only. |
The format of a line in the message catalog is:
msg_ID "msg_string "
Where
msg_ID is a predefined value permanently associated with a specific CiscoSecure message or prompt.
msg_string is a message string of whatever characters you specify.
For example:
3 "Hello\040there" 2 "ok, what's your password\012"
The formatting and display of messages are determined by the NAS. By convention, however, the Return-Linefeed sequence in the message catalog is represented by a newline (\n) character. You enter special characters using escaped octal notation in which the first character is a backslash (\) and is followed by 3 octal digits representing the ASCII value of the character.
For example, a Return is represented by the value \010 and a Linefeed is represented by the value \012. Extended character sets can contain null values, which are acceptable because each message is stored with an associated length field and is not null terminated.
The following list identifies the default message IDs, message names, and message strings used by the CiscoSecure ACS software:
|
Note Only messages 0 through 18 can be customized by the system administrator. |
0, "\nUser Access Verification\n" 1, "Username:" 2, "Password:" 3, "" 4, "Change password sequence" 5, "Error - passwords the same" 6, "Your password has expired" 7, "Too many tries for username" 8, "Too many tries for password" 9, "New password:" 10, "New password again:" 11, "The passwords are different" 12, "Bad password" 13, "You cannot change your password" 14, "Your account will expire in %d days" 15, "Your password will expire in %d days" 16, "A password must be between 6 and 13 characters long, containing at least one alphabetic and one numeric character." 17, "Unable to save your changes in the database" 18, "Your account is currently disabled."
19, "Dummy" 20, "Authentication - User not found" 21, "Authentication - Bad method for user" 22, "Authentication - Bad type" 23, "Authentication - No username specified" 24, "Authentication - Insufficient privilege" 25, "Authentication - Unexpected data" 26, "Authentication - Unexpected reserved data" 27, "Authentication - Incorrect password" 28, "Authentication - Aborted sequence" 29, "Authentication - File handling error" 30, "Authentication - Unknown password type" 31, "Authentication - User not in file" 32, "Authentication - Error in external function" 33, "Authentication - Bad service" 34, "Authentication - Bad action" 35, "Authentication - Bad password" 36, "Authentication - No token passcode received" 37, "Authentication - SENDPASS successful" 38, "Authentication - SENDPASS failed" 39, "Authentication - LOGIN successful" 40, "Authentication - ENABLE successful" 41, "Authentication - CHPASS successful" 42, "Authentication - SENDAUTH successful" 43, "Authentication - SENDAUTH failed" 44, "Authentication - Too many tries" 45, "Authentication - Cant change password" 46, "Authentication - Change password failed" 47, "Authentication - Account disabled" 48, "Authentication - Maximum session exceeded" 49, "Protocol - Username too long" 50, "Protocol - Token passcode too long" 51, "Protocol - NAS name too long" 52, "Protocol - NAS port name too long" 53, "Protocol - NAC address too long" 54, "Protocol - Invalid privilege field" 55, "Protocol - Session id in use" 56, "Protocol - No session found" 57, "Protocol - Incorrect type" 58, "Protocol - Incorrect session" 59, "Protocol - Incorrect sequence" 60, "Protocol - Incorrect version" 61, "Protocol - Garbled message" 62, "Protocol - Read timeout" 63, "Protocol - Connection closed" 64, "Protocol - Bad type" 65, "Maximum number of users exceeded" 66, "Protocol - mismatched encryption" 67, "Protocol - mismatched encryption keys" 68, "Authorization - No service specified" 69, "Authorization - Failed mandatory argument" 70, "Authorization - Failed command line" 71, "Authorization - Failed service" 72, "Authorization - Failed time qualification" 73, "Authorization - Bad argument" 74, "Authorization - No command specified" 75, "Authorization - Failed command" 76, "Authorization - No protocol" 77, "Authorization - Unknown user" 78, "Authorization - Unauthorized NAS or PORT" 79, "Authorization - Request authorized" 80, "Authorization - Maximum sessions exceeded" 81, "RADIUS" 82, "DMS" 83, "Enter your new PIN, containing %s %s\nor press Y to have system generate a new PIN:" 84, "Re-Enter PIN:" 85, "PIN - %s Accept (Y/N)? " 86, "New PIN required! - Enter your new PIN, containing %s %s,\ncharacters or press return to cancel the New PIN procedure.\n\nEnter PIN:" 87, "Cannot change SDI password for user %s remotely" 88,"Enter PASSCODE:" 89, "Please enter the next code from your token:" 90, "New PIN required; do you wish to continue (Y/N)? "
If you change the default value of the Netscape FastTrack Server TCP/IP port number from 80 to some other value, you must perform the following additional steps to ensure continued operation of the Java-based CiscoSecure Administrator advanced configuration program.
NS_PATH=machine_name/cs/
to
NS_PATH=machine_name:new_port_num/cs/
where:
machine_name is where the CiscoSecure ACS is installed.
new_port_num is the new port number.
For example:
NS_PATH=rtp-evergreen:8080/cs/
Step 2 Locate the $BASEDIR/ns-home/httpd-hostname/config/magnus.conf file and change the following line:
Port 80
to
Port new_port_num
where new_port_num is the new TCP/IP port value.
If you use the Netscape Navigator or Netscape Communicator web browser to access the CiscoSecure ACS 2.3 for UNIX Administrator web pages, use the following procedures to increase GUI performance:
The Memory Cache dialog box opens.
Step 2 In the Memory Cache field, increase the number from the default (1024 kilobytes) to 8000.
Step 3 In the Disk Cache field, increase the number from the default (5000 kilobytes) to 20000.
Step 4 Click OK.
The increased memory and disk cache take effect immediately.
The Memory Cache dialog box opens.
Step 2 Click Clear Memory Cache Now.
Step 3 Click Clear Disk Cache Now.
Step 4 Click OK. The memory and disk cache are cleared immediately.
When running the administration GUI under Netscape Navigator, the virtual memory used by Netscape constantly increases. There are no known issues associated with this behavior.
To change the username and password on your FastTrack server:
http://name of your CiscoSecure Server:64000
A screen displays requesting your username and password.
Step 2 Enter your administrator username and password to gain access to the Web Server Administration section.
|
Note The default username is "admin" and the default password is "password." |
Step 3 Click the Configure Administration box.
Step 4 Click the Access Control line.
Editable fields for username and password display.
Step 5 Replace the username and password as necessary.
Posted: Sun Apr 2 16:19:22 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.