Configure User Authentication Settings

About this task

Use the Authentication tab to define how user credentials are validated on behalf of a Management Access policy. Setting up an authentication scheme by policy validates the credentials of policy members collectively, as opposed to authenticating users individually.

Procedure

  1. Go to Policies > Management.
  2. Select a management policy from the list.
  3. Navigate to Authentication.
  4. Define the following settings to authenticate management access requests:
    Setting Description
    Local Use this option to enable or clear local authentication mode. Local authentication uses the local username and password database to authenticate a user. When not selected, an external authentication resource is used to validate user access requests. The external authentication resource could be a dedicated RADIUS server.
    Note: The local authentication mode is enabled by default. Clearing local authentication enables the RADIUS and AAA Policy parameters.
    RADIUS If authentication is to be handled by an external RADIUS server, select one of the following options:
    • External - Select this option to forward client authentication requests to an external RADIUS server. This option makes the external RADIUS server the preferred authentication mode. However, this option does not provide fallback to local database authentication if the server is unreachable or if the server rejects the request.
    • Fallback - Select this option to revert to local database authentication in case the external RADIUS server is unreachable.

      When this option is enabled, RADIUS authentication is attempted first. However, if the external RADIUS server is unreachable, the local database is used to authenticate the user.

    • Fallthrough - Select this option to revert to local database authentication in the following scenarios:
      • If the external RADIUS server is unreachable
      • If the external RADIUS server rejects the user authentication request

      When this option is selected, RADIUS authentication is attempted first. However, if the external RADIUS server is unreachable or rejects the authentication request, the local database is used to authenticate the user.

    AAA Policy If an external RADIUS server authentication option is selected, select the AAA policy to use with the external RADIUS resource. Controllers and service platforms that are not using their local RADIUS resource need to interoperate with a RADIUS and LDAP server (AAA servers) to provide user database information and user authentication data. The AAA policy points to this external RADIUS server resource.

    Select a policy from the AAA Policy drop-down list.

  5. Select Save to apply user authentication settings.
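
The difference between External, Fallback and Fallthrough is easiest to review as a decision model. The following is an added example, not code from the product: it models the behavior described in step 4, and the names Mode, Radius, authenticate and local_override_cases are assumptions made for illustration. It lists every case in which valid local credentials grant management access without a RADIUS accept, which is the set of cases a reviewer of the local user database needs to account for.

```python
from enum import Enum

class Mode(Enum):              # options from the Authentication tab
    LOCAL = "local"
    EXTERNAL = "external"
    FALLBACK = "fallback"
    FALLTHROUGH = "fallthrough"

class Radius(Enum):            # possible outcomes of the external RADIUS attempt
    ACCEPT = "accept"
    REJECT = "reject"
    UNREACHABLE = "unreachable"

def consults_local(mode, radius):
    """True when the local username/password database decides the login."""
    if mode is Mode.LOCAL:
        return True                                   # RADIUS is never asked
    if radius is Radius.UNREACHABLE:
        return mode in (Mode.FALLBACK, Mode.FALLTHROUGH)
    if radius is Radius.REJECT:
        return mode is Mode.FALLTHROUGH               # only Fallthrough retries locally
    return False                                      # RADIUS accepted the user

def authenticate(mode, radius, local_ok):
    """Return (granted, source) for one management login attempt.

    local_ok: whether the supplied credentials match the local database.
    """
    if consults_local(mode, radius):
        return local_ok, "local"
    return radius is Radius.ACCEPT, "radius"

def local_override_cases():
    """(mode, radius outcome) pairs where local credentials alone grant access."""
    return [(m.value, r.value)
            for m in Mode if m is not Mode.LOCAL
            for r in Radius
            if r is not Radius.ACCEPT and authenticate(m, r, True)[0]]

if __name__ == "__main__":
    for m in Mode:
        for r in Radius:
            granted, source = authenticate(m, r, local_ok=True)
            print(f"{m.value:12} radius={r.value:12} granted={granted} via {source}")
    print("local credentials decide:", local_override_cases())
```

With Fallthrough, a user rejected by the RADIUS server can still be admitted if matching credentials exist in the local database, so local accounts on the device have to be maintained with the same care as the central directory.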