Authentication summary, Table 3.5: authentication method summary – Avocent CCM User Manual

Chapter 3: Operations 31

No authentication

When authentication is disabled, users are not authenticated. Telnet sessions to serial ports are
accepted immediately, and users are not prompted for a username or password. In this case, users
are granted access only to the port to which they are connected, including Break access.
Connections to the Telnet port (23), serial CLI and PPP are still authenticated using the local CCM
user database, even when authentication is expressly disabled. Generally, these communications
paths are used only by administrators, and authentication is enforced in order to establish
appropriate access rights.
Authentication may not be disabled when SSH session access is enabled.

Authentication summary

Table 3.5 indicates how authentication is performed according to the authentication method
specified and the type of connection to the CCM appliance.

To specify the authentication method:

1. For RADIUS authentication, issue a Server RADIUS command.

SERVER RADIUS PRIMARY|SECONDARY IP=<radius_ip> SECRET=<secret> USER-
RIGHTS=<attr> [AUTHPORT=<udp>] [TIMEOUT=<time-out>] [RETRIES=<retry>]
You must specify the server’s IP address, the UDP port to be used and a “secret” to be used.
You must also specify a user-rights attribute value that matches a value in the RADIUS
server’s dictionary.
You may also use this command to delete a RADIUS server definition.
SERVER RADIUS PRIMARY|SECONDARY DELETE
For more information, see Server RADIUS command on page 69.

Table 3.5: Authentication Method Summary

Mode

Connection Type and Authentication Action

Local

All sessions are authenticated using the CCM user database.

RADIUS

Telnet and SSH sessions are authenticated using RADIUS. Serial CLI sessions are
authenticated using the CCM user database.

Local,RADIUS

Telnet and SSH sessions are authenticated using the CCM user database. If that
fails, authentication uses RADIUS. Serial CLI sessions are authenticated using the
CCM user database.

RADIUS,Local

Telnet and SSH sessions are authenticated using RADIUS. If that fails,
authentication uses the CCM user database. Serial CLI connections are
authenticated using the CCM user database.

None

Telnet to serial port sessions use no authentication. Telnet CLI and serial CLI
sessions are authenticated using the CCM user database. This authentication mode
cannot be used for SSH connections.