Avocent CPS1610 CPS Switch User Manual


 
Chapter 3: Operations 33
This method cannot be used when SSH connections are enabled, nor can it be
combined with any other authentication method.
Authentication summary
The CPS allows concurrent use of multiple authentication modes. This allows
Telnet, SSH and DSView clients to all access a single CPS as long as the
appropriate authentication methods are enabled.
For example, if you enable DS and local authentication, DSView clients will
always be authenticated using DSAuth. Telnet, SSL and SSH clients will be
authenticated using DS first, and the CPS local user database second.
Similarly, if you enable DS and RADIUS authentication, DSView clients will
always be authenticated using DSAuth. Telnet, SSL and SSH clients will be
authenticated using the RADIUS servers.
As indicated above, the DS authentication server will always be used for DSView
clients. For Telnet, SSL and SSH clients, the order in which you specify the
authentication methods determines the order in which each method is used.
For example, if you enable local and RADIUS authentication (in that order),
authentication uses the CPS user database. If that fails, authentication goes to
the defined RADIUS servers. If you enable RADIUS and local authentication
(in that order), authentication goes first to the defined RADIUS servers. If that
fails, the local CPS user database is used.
To specify the authentication mode:
1. For RADIUS authentication, issue a Server RADIUS command.
SERVER RADIUS PRIMARY|SECONDARY IP=<radius_ip>
SECRET=<secret> USER-RIGHTS=<attr> [AUTHPORT=<udp>]
[TIMEOUT=<time-out>] [RETRIES=<retry>]
You must specify the server’s IP address, the UDP port to be used and a
“secret” to be used. You must also specify a user-rights attribute value that
matches a value in the RADIUS server’s dictionary.
You may also use this command to delete a RADIUS server defi nition.
SERVER RADIUS PRIMARY|SECONDARY DELETE
For more information, see Server RADIUS command in Chapter 5.
2. Issue a Server Security command, using the Authentication parameter to
specify the authentication mode and the Encrypt parameter to specify the
encryption type.
SERVER SECURITY AUTHENTICATION=<auth_mode>