Security
Management Access Authentication
451 Cisco 500 Series Stackable Managed Switch Administration Guide
21
If authorization is enabled, and an authentication method fails or the user has
insufficient privilege level, the user is denied access to the device. In other words,
if authentication fails for an authentication method, the device stops the
authentication attempt; it does not continue and does not attempt to use the next
authentication method.
Similarly, if authorization is not enabled, and authentication fails for a method, the
device stops the authentication attempt.
To define authentication methods for an access method:
STEP 1 Click Security > Management Access Authentication.
STEP 2 Enter the Application (type) of the management access method.
STEP 3 Select Authorization to enable both authentication and authorization of the user
by the list of methods described below. If the field is not selected, only
authentication is performed. If Authorization is enabled, the read/write privileges
of users are checked. This privilege level is set in the User Accounts page.
STEP 4 Use the arrows to move the authorization/authentication method between the
Optional Methods column and the Selected Methods column. Methods are
attempted in the order that they appear.
STEP 5 Use the arrows to move the authentication method between the Optional Methods
column and the Selected Methods column. The first method selected is the first
method that is used.
• RADIUS—User is authorized/authenticated on a RADIUS server. You must
have configured one or more RADIUS servers. For the RADIUS server to
grant access to the web-based configuration utility, the RADIUS server must
return cisco-avpair = shell:priv-lvl=15.
• TAC AC S+ —User authorized/authenticated on the TACACS+ server. You
must have configured one or more TACACS+ servers.
• None—User is allowed to access the device without authorization/
authentication.
• Local—Username and password are checked against the data stored on the
local device. These username and password pairs are defined in the User
Accounts page.
NOTE The Local or None authentication method must always be
selected last. All authentication methods selected after Local or None
are ignored.
To Next Page
Loading...
Need help?
General
