Authentication summary – Avocent CCM1640 User Manual

Page 38

Advertising
background image

32

CCM840/1640 Installer/User Guide

The RADIUS server definition values specified in CCM commands must match

corresponding values configured on the RADIUS server. On the RADIUS server,

you must include CCM-specific information: the list of valid users and their

access rights for the CCM. Each user-rights attribute in the RADIUS server’s

dictionary must be specified as a string containing the user’s access rights for

the CCM, exactly matching the syntax used in the CCM User Add command.

Consult your RADIUS administrator’s manual for information about specifying

users and their attributes. The exact process depends on the RADIUS server

you are using.

No authentication

When authentication is disabled, users are not authenticated. Telnet sessions

to serial ports are accepted immediately, and users are not prompted for a

username or password. In this case, users are granted access only to the port

to which they are connected, including Break access.

Connections to the Telnet port (23), serial CLI and PPP are still authenticated,

even when authentication is expressly disabled. Generally, these

communications paths are used only by administrators, and authentication is

enforced in order to establish appropriate access rights.

Authentication may not be disabled when SSH session access is enabled.

Authentication summary

The CCM allows concurrent use of multiple authentication modes. This allows

Telnet and SSH clients to all access a single CCM as long as the appropriate

values are enabled.

You may optionally specify both RADIUS and local authentication, in either

order. In this case, authentication will be attempted initially on the first method

specified. If that fails, the second method will be used for authentication.

For example, if you enable local and RADIUS authentication (in that order),

authentication uses the CCM user database. If that fails, authentication goes to

the defined RADIUS servers. If you enable RADIUS and local authentication

(in that order), authentication goes first to the defined RADIUS servers. If that

fails, the local user database is used.

To specify the authentication mode:

1.

For RADIUS authentication, issue a Server RADIUS command.

SERVER RADIUS PRIMARY|SECONDARY IP=<radius_ip>
SECRET=<secret> USER-RIGHTS=<attr> [AUTHPORT=<udp>]
[TIMEOUT=<time-out>] [RETRIES=<retry>]

Advertising
This manual is related to the following products:

CCM840

Popular Brands
Popular manuals