Engineering via SICAM WEB
SICAM A8000 / CP-8000 • CP-8021 • CP-8022 Manual Unrestricted 315
DC8-037-2.02, Edition 10.2017
9.1.2.1.2 Authentication via External Service
For this mechanism a RADIUS server can be configured. The parameter Radius Authenti-
cation must be set to YES.
If the RADIUS authentication is enabled, the target device uses the RADIUS server IP ad-
dress and the RADIUS shared secret key for the RADIUS communication.
After entering the login credentials and login attempt, the target device sends these creden-
tials to the RADIUS server for authentication:
• If the RADIUS server is available, it compares the login credentials
─ If the comparison is successful, the RADIUS server returns the specific user role;
SICAM WEB and the internal role based protection mechanism use this role-
information for the user
─ If the login credentials are invalid, the logon fails
• If the RADIUS server is not available, the target device runs into a timeout
─ If the fallback option is enabled, the authentication mechanism falls back to local au-
thentication and the target device compares the credentials with the locally stored cre-
dentials
− If the comparison is successful, the target device returns the specific user role;
SICAM WEB and the internal role based protection mechanism use this role-
information for the user
− If the comparison is not successful, the logon fails
─ If the fallback option is not enabled, the logon fails
Configuration with RADIUS Server
The IP address of the RADIUS server must match with the setting in the target device (pa-
rameter Radius server IP address).
The shared key on the RADIUS server must match with the setting in the target device (pa-
rameter RADIUS shared secret key).
The target device sends User-Name (attribute 1), User-Password (attribute 2), NAS Identifier
(attribute 32) and NAS Port (attribute 5) – possibly an application-specific server-side re-
quest – to the RADIUS server.
The RADIUS server should be configurated that way, that after successful authentication the
role designed as a vendor-specific value (attribute 26) will be sent back.
You find detailed information on the RADIUS protocol under https://tools.ietf.org/html/rfc2865.
Structure of the authentication request from CP-8000/CP-802x:
Connection via HTTP Connection via HTTPS
User-Name
User-Password
NAS-Identifier = ”00:E0:A8:B0:DC:80“
NAS-Port= “80“
User-Name
User-Password
NAS-Identifier = “**:**:**:**:**:**“
NAS-Port= “443“
Structure of the response from the configured RADIUS server:
User role Administrator User role Guest
Service-Type = Login-User
Cisco-AVPair = “priv-lvl=15“
Service-Type = Login-User
Cisco-AVPair = “priv-lvl=0“
To Next Page
Loading...
Need help?
General
