Configuring Security
Configuring Management Access Authentication
Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x 200
STEP 4 Click Apply. The password complexity settings are defined, and the Running 
Configuration is updated.
Configuring Management Access Authentication
You can assign authentication methods to the various management access 
methods, such as SSH, console, Telnet, HTTP, and HTTPS. This authentication can 
be performed locally or on an external server, such as a TACACS+ or a RADIUS 
server. 
For the RADIUS server to grant access to the web-based interface, the RADIUS 
server must return cisco-avpair = shell:priv-lvl=15.
User authentication occurs in the order that the authentication methods are 
selected. If the first authentication method is not available, the next selected 
method is used. For example, if the selected authentication methods are RADIUS 
and Local, and all configured RADIUS servers are queried in priority order and do 
not reply, the user is authenticated locally.
If an authentication method fails or the user has insufficient privilege level, the user 
is denied access to the switch. In other words, if authentication fails at an 
authentication method, the switch stops the authentication attempt; it does not 
continue and does not attempt to use the next authentication method. 
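The fallback rule above can be modelled in a few lines. This is an added example, not code from the Cisco guide or the switch firmware: the function names and the sample replies are hypothetical, and treating any level below 15 as insufficient is an assumption based on the web-interface requirement stated above.

```python
from enum import Enum

class Outcome(Enum):
    ACCEPT = "accept"            # the method verified the credentials
    REJECT = "reject"            # the method answered and refused the user
    UNAVAILABLE = "unavailable"  # e.g. no configured RADIUS server replied

REQUIRED_PRIV = 15  # level the guide requires for the web-based interface

def parse_priv_lvl(avpairs):
    """Return N from a 'shell:priv-lvl=N' cisco-avpair value, or None."""
    for value in avpairs:
        key, _, level = value.partition("=")
        if key.strip() == "shell:priv-lvl" and level.strip().isdigit():
            return int(level)
    return None

def authenticate(selected_methods, replies):
    """Walk the selected methods in order and return (granted, method).

    replies maps a method name to (Outcome, avpairs). It is constructed
    sample data standing in for real server responses; modelling the Local
    method's privilege with the same avpair string is a simplification.
    """
    for method in selected_methods:
        outcome, avpairs = replies[method]
        if outcome is Outcome.UNAVAILABLE:
            continue                  # only unavailability falls through
        if outcome is Outcome.REJECT:
            return False, method      # a failure ends the attempt here
        level = parse_priv_lvl(avpairs)
        if level is None or level < REQUIRED_PRIV:
            return False, method      # insufficient privilege also ends it
        return True, method
    return False, None                # no selected method was reachable

if __name__ == "__main__":
    admin = ["shell:priv-lvl=15"]
    cases = {  # constructed scenarios for the order RADIUS, then Local
        "RADIUS down": {"RADIUS": (Outcome.UNAVAILABLE, []),
                        "Local": (Outcome.ACCEPT, admin)},
        "RADIUS rejects": {"RADIUS": (Outcome.REJECT, []),
                           "Local": (Outcome.ACCEPT, admin)},
        "RADIUS low privilege": {"RADIUS": (Outcome.ACCEPT, ["shell:priv-lvl=1"]),
                                 "Local": (Outcome.ACCEPT, admin)},
    }
    for name, replies in cases.items():
        print(name, authenticate(["RADIUS", "Local"], replies))
```

The second and third scenarios show that a valid local account does not help once RADIUS has answered: the later method is consulted only when the earlier one does not reply.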
To define authentication methods for an access method:
STEP 1 Click Security > Management Access Authentication. 
STEP 2 Select an access method from the Application drop-down menu.
STEP 3 Move the authentication method between the Optional Methods column and the 
Selected Methods column. The first method selected is the first method that is 
used. The applicable authentication methods are: 
• RADIUS—User is authenticated on a RADIUS server. You must have 
configured one or more RADIUS servers.
• TACACS+—User is authenticated on a TACACS+ server. You must have 
configured one or more TACACS+ servers.
• None—User is allowed to access the switch without authentication.