Operations 34
Connections to the Telnet port (23), serial CLI, and PPP are still authenticated using the local SCS user database, even
when authentication is expressly disabled. Generally, these communications paths are used only by administrators,
and authentication is enforced to establish appropriate access rights.
Authentication cannot be disabled when SSH session access is enabled.
Authentication summary
Table 3-5 indicates how authentication is performed according to the authentication method specified and the type of
connection to the SCS.
Table 3-5 Authentication method summary
Mode Connection type and authentication action
Local All sessions are authenticated using the SCS user database.
RADIUS Telnet and SSH sessions are authenticated using RADIUS. Serial CLI sessions are authenticated using the
SCS user database.
LDAP All sessions are authenticated using Microsoft Active Directory, except for administrators which are
always authenticated locally.
None Telnet to serial port sessions use no authentication. Telnet CLI and serial CLI sessions are authenticated
using the SCS user database. This authentication mode cannot be used for SSH connections.
Specifying authentication method
1. For RADIUS authentication, issue a Server RADIUS command.
server radius primary|secondary ip=<radius_ip> secret=<secret> user-rights=<attr>
[authport=<udp>] [timeout=<time-out>] [retries=<retry>]
You must specify the IP address of the server, the User Datagram Protocol (UDP) port to be used and a “secret”
to be used. You must also specify a user-rights attribute value that matches a value in the, RADIUS dictionary of
the server.
You can also use this command to delete a RADIUS server definition.
server radius primary|secondary delete
See “Server RADIUS command.”
2. Issue a Server Security command, using the Authentication parameter to specify the authentication
method. Use the Encrypt parameter to enable plain text Telnet connections, SSH connections, or both.
server security authentication=<auth> encrypt=<conns>
You can optionally specify both RADIUS and Local authentication, in either order. In this case, authentication
will be attempted initially on the first method specified. If that fails, the second method will be used for
authentication.
When SSH session access is enabled, you must specify an authentication mode other than None.
3. You are prompted to save the information. Enter
Y to confirm or N to cancel.
To Next Page
Loading...
Need help?
General
