Avocent CPS810 User Manual

Chapter 3: Operations 25

•

Secure indicates authentication will be locked to one DSView software server after a
successful initial access, and DSView software server and appliance credentials will be stored
on the CPS appliance.

•

Trustall indicates that any DSView software server may be used for authentication, and
DSView software server credentials will not be stored or validated on the CPS appliance.

When the secure mode is used, you may clear the stored credentials used by the DSView software
at any time.
For more information, see the DSView Installer/User Guide.

Local authentication

Local authentication uses the CPS appliance internal user database to authenticate users.

RADIUS authentication

RADIUS authentication uses an external third party RADIUS server containing a user database to
authenticate CPS network appliance users. The CPS appliance, functioning as a RADIUS client,
sends usernames and passwords to the RADIUS server. If a username and password do not agree
with equivalent information on the RADIUS server, the CPS appliance is informed and the user is
denied CPS access. If the username and password are successfully validated on the RADIUS server,
the RADIUS server returns an attribute that indicates the access rights defined for that username.
To use RADIUS authentication, you must specify information about the primary RADIUS server
and optionally, a secondary RADIUS server to be used as a backup.
The RADIUS server definition values specified in CPS appliance commands must match
corresponding values configured on the RADIUS server. On the RADIUS server, you must include
CPS appliance-specific information: the list of valid users, their access rights for the CPS appliance
and their preemption levels. Each user-rights attribute in the RADIUS server’s dictionary must be
specified as a string containing the user’s access rights/level for the CPS appliance, exactly
matching the syntax used in the CPS User Add command. The access rights should be followed by
a space, the Preempt keyword and preemption value.
Consult your RADIUS administrator’s manual for information about specifying users and their
attributes. The exact process depends on the RADIUS server you are using.

No authentication

When authentication is disabled, users are not authenticated. Telnet sessions to serial ports are
accepted immediately, and users are not prompted for a username or password. In this case, users
are granted access only to the port to which they are connected, including Break access.
Connections to the Telnet port (23), serial CLI and PPP are still authenticated using the local CPS
user database, even when authentication is expressly disabled. Generally, these communications
paths are used only by administrators, and authentication is enforced in order to establish
appropriate access rights.
This method cannot be used when SSH connections are enabled, nor can it be combined with any
other authentication method.