Avocent CPS1610 CPS User Manual


CPS Installer/User Guide

Local authentication

Local authentication uses the CPS unit’s internal user database to authenticate users.

RADIUS authentication

RADIUS authentication uses an external third-party RADIUS server containing a user database to authenticate CPS users. The CPS, functioning as a RADIUS client, sends usernames and passwords to the RADIUS server. If a username and password do not agree with equivalent information on the RADIUS server, the CPS is informed and the user is denied CPS access. If the username and password are successfully validated on the RADIUS server, the RADIUS server returns an attribute that indicates the access rights defined for that username.

To use RADIUS authentication, you must specify information about the primary RADIUS server and, optionally, a secondary RADIUS server to be used as a backup.

The RADIUS server definition values specified in CPS commands must match corresponding values configured on the RADIUS server.

On the RADIUS server, you must include CPS-specific information: the list of valid users and their access rights for the CPS. Each user-rights attribute in the RADIUS server’s dictionary must be specified as a string containing the user’s access rights for the CPS, exactly matching the syntax used in the CPS User Add command.

Consult your RADIUS administrator’s manual for information about specifying users and their attributes. The exact process depends on the RADIUS server you are using.

No authentication

When authentication is disabled, users are not authenticated. Telnet sessions to serial ports are accepted immediately, and users are not asked for a username or password. In this case, users are granted access only to the port to which they are connected, including Break access. When authentication is disabled, so is encryption.

Connections to the Telnet port (23), serial CLI and PPP are still authenticated using the local CPS user database, even when authentication is expressly disabled. Generally, these communications paths are used only by administrators, and authentication is enforced in order to establish appropriate access rights.
