Cisco Expressway
Expressway configuration
Configure DNS server
Ensure one or more DNS server addresses are set up on the Expressway (System > DNS). DNS is required for:
- Finding the IP address of the LDAP server if the server is defined by name rather than IP address.
- If SASL is enabled, part of the security process is to perform an IP address to name check – a reverse DNS lookup for that LDAP server. If SASL is enabled, the DNS servers must support reverse DNS lookup.
Configure LDAP server details on Expressway
1. Go to Users > LDAP configuration.
2. Configure the following fields so that the Expressway can connect to the LDAP server to authenticate login accounts and check group membership (you can use the questionnaire in to get the appropriate information from your IT department):
Field: Administrator authentication source
Description: Select Both.
Usage tips: Both allows you to continue to use locally-defined accounts. This is useful while troubleshooting any connection or authorization issues with the LDAP server.
You cannot log in using a locally-configured administrator account, including the default admin account, if Remote only authentication is in use.
Note: do not use Remote only if Expressway is managed by Cisco TMS.

Field: FQDN address resolution
Description: Defines how the LDAP server address is resolved.
- SRV record: DNS SRV record lookup.
- Address record: DNS A or AAAA record lookup.
- IP address: entered directly as an IP address.

Field: Host name and Domain, or Server address
Description: The way in which the server address is specified depends on the FQDN address resolution setting:
- SRV record: only the Domain portion of the server address is required.
- Address record: enter the Host name and Domain. These are then combined to provide the full server address for the DNS address record lookup.
- IP address: the Server address is entered directly as an IP address.
Usage tips: If using TLS, the address entered here must match the CN (common name) contained within the certificate presented by the LDAP server.
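
A pre-flight check for the DNS and certificate requirements described above (forward lookup, reverse lookup when SASL is enabled, CN match when TLS is used), as an added example that is not part of the Cisco guide or the Expressway software. The function names, the example.com host names and the 192.0.2.10 address are assumptions constructed for illustration; the certificate CN is supplied by the caller and compared as an exact, case-insensitive match. Run it from a host that uses the same DNS servers as the Expressway.

```python
import socket

def _forward(name):
    # A/AAAA lookup through the resolver of the machine running this check.
    return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})

def _reverse(ip):
    # PTR lookup; raises socket.herror (an OSError) when no reverse record exists.
    return socket.gethostbyaddr(ip)[0]

def preflight(host, domain, sasl=True, tls_cert_cn=None,
              forward=_forward, reverse=_reverse):
    """Return a list of problems for an 'Address record' style LDAP server entry."""
    fqdn = f"{host}.{domain}".rstrip(".").lower()   # Host name + Domain combined
    problems, addrs = [], []
    try:
        addrs = forward(fqdn)
    except OSError as exc:
        problems.append(f"forward lookup of {fqdn} failed: {exc}")
    if sasl:
        # SASL needs an IP-address-to-name check, so every address needs a PTR record.
        for ip in addrs:
            try:
                reverse(ip)
            except OSError as exc:
                problems.append(f"no reverse DNS for {ip} (needed with SASL): {exc}")
    if tls_cert_cn is not None and tls_cert_cn.rstrip(".").lower() != fqdn:
        # With TLS the configured address must match the certificate CN.
        problems.append(f"certificate CN {tls_cert_cn!r} does not match {fqdn!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample data: fake resolvers so the demo runs offline.
    zone = {"ldap1.example.com": ["192.0.2.10"]}
    ptr = {}  # no PTR records published in this constructed zone
    def fwd(name):
        if name not in zone:
            raise OSError("name not found")
        return zone[name]
    def rev(ip):
        if ip not in ptr:
            raise OSError("no PTR record")
        return ptr[ip]
    for line in preflight("ldap1", "example.com", tls_cert_cn="dc01.example.com",
                          forward=fwd, reverse=rev):
        print("PROBLEM:", line)
```

Called without the forward and reverse arguments, preflight uses the system resolver, so the result reflects the DNS servers of the host it runs on.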
Cisco Expressway Authenticating Accounts Using LDAP Deployment Guide (X8.2)