Technical basics
3.8 Security functions
SCALANCE SC-600 Web Based Management (WBM)
52 Configuration Manual, 10/2021, C79000-G8976-C475-03
Local logon
The local logging on of users by the device runs as follows:
1. The user logs on with user name and password on the device.
2. The device checks whether an entry exists for the user.
→ If an entry exists, the user is logged in with the rights of the associated role.
→ If no corresponding entry exists, the user is denied access.
Login via an external RADIUS server
RADIUS (Remote Authentication Dial-In User Service) is a protocol for authenticating
and authorizing users by servers on which user data can be stored centrally.
Depending on the RADIUS authorization mode you have selected on the "Security > AAA
> RADIUS Client" page, the device evaluates different information of the RADIUS server.
RADIUS authorization mode "Standard"
If you have set the authorization mode "conventional", the authentication of users via a
RADIUS server runs as follows:
1. The user logs on with user name and password on the device.
2. The device sends an authentication request with the login data to the RADIUS server.
3. The RADIUS server runs a check and signals the result back to the device.
– The RADIUS server reports a successful authentication and returns the value
"Administrative User" to the device for the attribute "Service Type".
→ The user is logged in with administrator rights.
– The RADIUS server reports a successful authentication and returns a different or
even no value to the device for the attribute "Service Type".
→ The user is logged in with read rights.
– The RADIUS server reports a failed authentication to the device:
→ The user is denied access.
RADIUS authorization mode "SiemensVSA"
Requirement
For the RADIUS authorization mode "Siemens VSA" the following needs to be set on the
RADIUS server:
• Manufacturer code: 4196
• Attribute number: 1
• Attribute format: Character string (group name)
Procedure
To Next Page
Loading...
Need help?
General