Avocent CPS810 Switch User Manual


 
26 CPS Installer/User Guide
Authentication of serial CLI port sessions
Using the Server CLI command, you may enable or disable user authentication at the serial CLI port.
You may also configure a preemption level that will be used by a serial CLI port user when user
authentication is disabled on that port. By default, authentication is enabled on the serial CLI port.
When enabled, a serial CLI port user is authenticated against the local CPS user database,
using the access rights/level and preemption level configured for that user with the
User Add/User Set command.
When disabled, a serial CLI port user is not authenticated and will be assigned the appliance
administrator access level. If that CLI port user attempts to connect to another CPS port
(assuming connection ability is enabled), and that port is already in use, the preemption level
configured with the Server CLI command is used. For more information, see Preemption on
page 21.
PPP sessions are always authenticated using the method specified with the Server Security
command. In other words, enabling/disabling user authentication at the serial CLI port does not
apply to PPP dial-in connections.
Authentication summary
The CPS appliance allows concurrent use of multiple authentication methods. This allows Telnet,
SSH and DSView software clients to all access a single CPS appliance as long as the appropriate
authentication methods are enabled.
For example, if you enable local and DS authentication (which is the default), DSView software
clients will always be authenticated using DSView software servers. Telnet and SSH clients will be
authenticated using the CPS local user database first, and DSView software second.
Similarly, if you enable DS and RADIUS authentication, DSView software clients will always be
authenticated using DSView software servers. Telnet and SSH clients will be authenticated using
the RADIUS servers.
As indicated above, DSView software servers will always be used for DSView software clients.
For Telnet and SSH clients, the order in which you specify the authentication methods determines
the order in which each method is used.
For example, if you enable local and RADIUS authentication (in that order), authentication first
uses the local CPS user database. If that fails, authentication goes to the defined RADIUS servers.
If you enable RADIUS and local authentication (in that order), authentication goes first to the
defined RADIUS servers. If that fails, the local CPS user database is used.
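The ordering rules above can be modelled as follows. This is an added example, not code from the manual or from Avocent. It assumes that a method "fails" when it does not accept the credentials, it models only the local and RADIUS methods for Telnet/SSH clients, and all account data and function names are constructed.

```python
import hmac

# Constructed sample account stores, one per authentication method.
LOCAL_DB = {"admin": "local-pw", "olduser": "stale-pw"}
RADIUS_DB = {"alice": "radius-pw"}
DS_DB = {"dsop": "ds-pw"}
BACKENDS = {"LOCAL": LOCAL_DB, "RADIUS": RADIUS_DB, "DS": DS_DB}


def methods_for(client, enabled):
    """Return the methods tried, in order, for one client type.

    enabled lists the enabled methods in the order they were specified.
    """
    if client == "dsview":
        # DSView software clients are always authenticated by DSView servers.
        return ["DS"] if "DS" in enabled else []
    # Telnet and SSH clients follow the specified order.
    return [m for m in enabled if m in ("LOCAL", "RADIUS")]


def authenticate(client, enabled, user, password):
    """Return the name of the method that accepted the login, or None."""
    for method in methods_for(client, enabled):
        stored = BACKENDS[method].get(user)
        # Assumption: a rejection by one method moves on to the next one.
        if stored is not None and hmac.compare_digest(stored, password):
            return method
    return None


def accepted_accounts(client, enabled):
    """List every account name that some method in the chain would accept."""
    chain = methods_for(client, enabled)
    return sorted({user for m in chain for user in BACKENDS[m]})


if __name__ == "__main__":
    # A stale local account still logs in when RADIUS is tried first.
    print(authenticate("ssh", ["RADIUS", "LOCAL"], "olduser", "stale-pw"))
    print(accepted_accounts("ssh", ["RADIUS", "LOCAL"]))
```

Under the stated assumption, the order changes which method is consulted first but not which accounts are accepted, so the local user database needs the same review as the RADIUS accounts whenever both methods are enabled.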
To specify the authentication method:
1. For RADIUS authentication, issue a Server RADIUS command.
SERVER RADIUS PRIMARY|SECONDARY IP=<radius_ip> SECRET=<secret> USER-RIGHTS=<attr> [AUTHPORT=<udp>] [TIMEOUT=<time-out>] [RETRIES=<retry>]