| Local |
Use this option to enable or clear local authentication
mode. Local authentication uses the local username and
password database to authenticate a user. When not selected,
an external authentication resource is used to validate user
access requests. The external authentication resource could
be a dedicated RADIUS server Note: The local
authentication mode is enabled by default. Not selecting
the local authentication enables the RADIUS and AAA
Policy parameters.
|
| RADIUS |
If authentication is to be handled by an external RADIUS
server, select one of the following options:
- External - Select this option to forward client
authentication requests to an external RADIUS
server. This option enables external RADIUS server
as the preferred authentication mode. However, this
option does not provide fallback to local database
authentication in case the server is unreachable or
if the server rejects the request
- Fallback - Select this option to revert to local
database authentication in case the external RADIUS
server is unreachable.
When this option is
enabled, RADIUS authentication is attempted first.
However, if the external RADIUS server is
unreachable the local database is used to
authenticate the user
- Fallthrough - Select this option to revert to local
database authentication in the following
scenarios:
- If the external RADIUS server is unreachable
- If the external RADIUS server rejects the user
authentication request
When this option is selected, RADIUS
authentication is attempted first. However, if the
external RADIUS server is unreachable or rejects
the authentication request the local database is
used to authenticate the user
|
| AAA Policy |
If external RADIUS server authentication option is
selected, select the AAA policy to use with the external
RADIUS resource. Controllers and service platforms that are
not using their local RADIUS resource will need to
inter-operate with a RADIUS and LDAP Server (AAA Servers) to
provide user database information and user authentication
data. The AAA policy points to this external RADIUS server
resource Select a policy from the AAA Policy drop-down
list
|
| TACACS |
If local authentication is disabled, and
authentication is to be handled by an external TACACS
server, select one of the following options:
- Authentication - Select to enable TACACS
authentication on login.
- Fallback - Select this option to revert
to local database authentication in case the TACACS
server is unreachable.
When this option is
enabled, TACACS authentication is attempted first.
However, if the external TACACS server is
unreachable the local database is used to
authenticate the user.
- Fallthrough - Select this option to
revert to local database authentication in the
following scenarios:
- If the external TACACS server is unreachable.
- If the external TACACS server rejects the user
authentication request.
When this option is enabled, TACACS
authentication is attempted first. However, if the
TACACS server is unreachable or rejects the authentication request the
local database is used to authenticate the
user.
- Accounting - Select to enable TACACS
accounting on login.
- Authorization - Select to enable TACACS
authorization on login.
- Authorization Fallback - Select to
enable fallback on TACACS authorization failure.
This option is only available when Authorization
is selected.
|
| AAA TACACS Policy |
If enabling external TACACS server
authentication, select the TACACS policy to use. The AAA
TACACS policy points to this external TACACS server
resource. Select an existing AAA TACACS policy.
Otherwise, perform the procedure Manage AAA TACACS Policies
to create a new policy that you can then select
here.
|
adjacent to the target Management policy.
Proceed to the next step.