Setting the Authentication Configuration

Refer to the Authentication tab to define how user credential validation is conducted on behalf of a Management Access policy. Setting up an authentication scheme by policy allows for policy member credential validation collectively, as opposed to authenticating users individually.

To configure an external authentication resource:

  1. Select the Authentication tab from the Management Policy screen.
  2. Define the following settings to authenticate management access requests:

    Local

    Select whether the authentication server resource is centralized (local), or whether an external authentication resource is used for validating user access requests. Only AP 6511 and AP 6521 model access points lack local RADIUS resources.

    RADIUS

    If local authentication is disabled, define whether the RADIUS server is External and/or Fallback. Select Fallback to revert to local RADIUS resources should a dedicated external server be unreachable.

    AAA Policy

    Define the AAA policy used to authenticate user validation requests to the controller or service platform managed network. Select the Create icon as needed to define a new AAA policy or select the Edit icon to modify the configuration of an existing policy.

    TACACS

    If local authentication is disabled, optionally select Authentication or Fallback (only one authentication or fallback option can be selected) or Accounting and Authorization. TACACS policies control user access to devices and network resources while providing separate accounting, authentication, and authorization services.

    AAA TACACS Policy

    Select an existing AAA TACACS policy (if available), or select Create to define a new policy or Edit to modify an existing one.

  3. Use the drop-down menu to select the AAA Policy to use with an external RADIUS resource. An AP6521 model access point (or a model that is not using its local RADIUS resource) will need to interoperate with a RADIUS and LDAP Server (AAA Servers) to provide user database information and user authentication data. If there is no AAA policy suiting your RADIUS authentication requirements, either select the Create icon to define a new AAA policy or select an existing policy from the drop-down menu and select the Edit icon to update its configuration. For more information on defining the configuration of a AAA policy, see “AAA Policy” on page 663.
  4. Set the following AAA TACACS configuration parameters:

    Authentication

    Select to enable TACACS authentication on login. This option is not available when the Local field is set to enabled. Also, this option cannot be selected when Fallback is selected.

    Fallback

    Select to enable fallback to use local authentication if TACACS authentication fails. This option is not available when the Local field is set to enabled. Also, this option cannot be selected when Authentication is selected.

    Accounting

    Select to enable TACACS accounting on login. This option is not available when the Local field is set to enabled. When selected, the AAA TACACS Policy field is enabled.

    Authorization

    Select to enable TACACS authorization on login.

    Authorization Fallback

    Select to enable fallback on TACACS authorization failure. This option is only available when Authorization is selected.

  5. Configure the AAA TACACS Policy to use with this authentication policy. Use the drop-down to select a configured AAA TACACS policy.
  6. Click OK to update the authentication configuration, or click Reset to revert to the last saved configuration.
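
The option dependencies described in the steps above can be checked against a planned or exported policy before it is applied. The following is an added example, not vendor code: the `MgmtAuthSettings` class, its field names and the `validate` function are hypothetical, and the sample values are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class MgmtAuthSettings:
    """Constructed model of the Authentication tab; field names are assumptions."""
    local: bool = True
    radius: Optional[str] = None            # None, "external" or "fallback"
    aaa_policy: Optional[str] = None
    tacacs_authentication: bool = False
    tacacs_fallback: bool = False
    tacacs_accounting: bool = False
    tacacs_authorization: bool = False
    tacacs_authorization_fallback: bool = False
    aaa_tacacs_policy: Optional[str] = None


def validate(s: MgmtAuthSettings) -> List[str]:
    """Return one message per rule from the steps above that the settings break."""
    problems = []
    if s.local:
        # RADIUS External/Fallback is defined only when local authentication is disabled.
        if s.radius:
            problems.append("RADIUS requires Local to be disabled")
        # Step 4: these three TACACS options are unavailable while Local is enabled.
        for name in ("authentication", "fallback", "accounting"):
            if getattr(s, "tacacs_" + name):
                problems.append(f"TACACS {name} requires Local to be disabled")
    if s.tacacs_authentication and s.tacacs_fallback:
        problems.append("TACACS authentication and fallback are mutually exclusive")
    if s.tacacs_authorization_fallback and not s.tacacs_authorization:
        problems.append("TACACS authorization fallback requires authorization")
    # Steps 3 and 5: an external resource needs its policy selected.
    if s.radius and not s.aaa_policy:
        problems.append("RADIUS selected but no AAA policy chosen")
    tacacs_in_use = (s.tacacs_authentication or s.tacacs_fallback
                     or s.tacacs_accounting or s.tacacs_authorization)
    if tacacs_in_use and not s.aaa_tacacs_policy:
        problems.append("TACACS selected but no AAA TACACS policy chosen")
    return problems


if __name__ == "__main__":
    # Constructed sample: a policy with conflicting TACACS selections.
    sample = MgmtAuthSettings(local=True, tacacs_authentication=True, tacacs_fallback=True)
    for message in validate(sample):
        print(message)
```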