Avocent CCM4850 Network Card User Manual


 
24 CCM4850 Installer/User Guide
You may optionally specify both RADIUS and local authentication, in either order. In this case,
authentication will be attempted initially on the first method specified. If that fails, the second
method will be used for authentication.
No authentication
When authentication is disabled, users are not authenticated. Telnet sessions to serial ports are
accepted immediately, and users are not prompted for a username or password. In this case, users
are granted access only to the port to which they are connected, including Break access.
Connections to the Telnet port (23), serial CLI and PPP are still authenticated using the local CCM
user database, even when authentication is expressly disabled. Generally, these communications
paths are used only by administrators, and authentication is enforced in order to establish
appropriate access rights.
Authentication may not be disabled when SSH session access is enabled.
Authentication summary
Table 3.4 indicates how authentication is performed according to the authentication method
specified and the type of connection to the CCM appliance.
To specify the authentication method:
1. For RADIUS authentication, issue a Server RADIUS command.
SERVER RADIUS PRIMARY|SECONDARY IP=<radius_ip> SECRET=<secret> USER-
RIGHTS=<attr> [AUTHPORT=<udp>] [TIMEOUT=<time-out>] [RETRIES=<retry>]
You must specify the server’s IP address, the UDP port to be used and a “secret” to be used.
You must also specify a user-rights attribute value that matches a value in the RADIUS
server’s dictionary.
Table 3.4: Authentication Method Summary
Mode Connection Type and Authentication Action
Local All sessions are authenticated using the CCM user database.
RADIUS
Telnet and SSH sessions are authenticated using RADIUS. Serial CLI sessions are
authenticated using the CCM user database.
Local,RADIUS
Telnet and SSH sessions are authenticated using the CCM user database. If that
fails, authentication uses RADIUS. Serial CLI sessions are authenticated using the
CCM user database.
RADIUS,Local
Telnet and SSH sessions are authenticated using RADIUS. If that fails,
authentication uses the CCM user database. Serial CLI connections are
authenticated using the CCM user database.
None
Telnet to serial port sessions use no authentication. Telnet CLI and serial CLI
sessions are authenticated using the CCM user database. This authentication mode
cannot be used for SSH connections.