Cisco Systems OL-5650-02 Switch User Manual


 
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Chapter 1 Controlling CSS Access
Controlling Remote User Access to the CSS
Configuring Virtual Authentication
Virtual authentication allows remote users to log in to the CSS when they are
using FTP, Telnet, SSHD, or the Device Management user interface with or
without requiring a username and password. The CSS can also deny access to all
remote users.
You can configure the CSS to authenticate users by using the local database,
RADIUS server, or TACACS+ server. By default, the CSS uses the local database
as the primary method to authenticate users and disallows user access for the
secondary and tertiary methods.
Use the virtual authentication command to configure the primary, secondary, or
tertiary virtual authentication method. The syntax for this global configuration
command is:
virtual authentication [primary|secondary|tertiary [local|radius|tacacs|disallowed]]
The options for this command are as follows:
primary - Defines the first authentication method that the CSS uses. The
default primary virtual authentication method is the local user database.
secondary - Defines the second authentication method that the CSS uses if
the first method fails. The default secondary virtual authentication method is
to disallow all user access.
Note: If you are configuring a TACACS+ server as the primary authentication
method, define a secondary authentication method, such as local.
tertiary - Defines the third authentication method that the CSS uses if the
second method fails. The default tertiary virtual authentication method is to
disallow all user access.
local - The CSS uses the local user database for authentication.
radius - The CSS uses the configured RADIUS server for authentication.
tacacs - The CSS uses the configured TACACS+ server for authentication.
disallowed - The CSS disallows access by all remote users. Entering this
option does not terminate existing connections.
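The following check is an added example, not part of the Cisco guide: it reads saved configuration text, applies the defaults stated above, and flags the two conditions this section describes (every method disallowed, and TACACS+ as primary with no secondary method). It assumes the commands appear in the configuration in the same form as the syntax line and that a later line for the same level replaces an earlier one; the function names and the sample text are constructed for illustration.

```python
import re

# Defaults stated in the guide: local first, access disallowed for the other two.
DEFAULTS = {"primary": "local", "secondary": "disallowed", "tertiary": "disallowed"}
CMD = re.compile(r"^\s*virtual authentication\b(.*)$")
ARGS = re.compile(r"^(primary|secondary|tertiary) (local|radius|tacacs|disallowed)$")

def effective_chain(config_text):
    """Return (chain, unparsed): the three methods after defaults, plus bad lines."""
    chain, unparsed = dict(DEFAULTS), []
    for line in config_text.splitlines():
        cmd = CMD.match(line)
        if not cmd:
            continue  # not a virtual authentication command
        args = ARGS.match(" ".join(cmd.group(1).split()))
        if args:
            chain[args.group(1)] = args.group(2)  # assumption: last line wins
        else:
            unparsed.append(line.strip())
    return chain, unparsed

def audit(config_text):
    """Return a list of findings for the virtual authentication settings."""
    chain, unparsed = effective_chain(config_text)
    findings = [f"not parsed: {bad}" for bad in unparsed]
    if all(method == "disallowed" for method in chain.values()):
        findings.append("every method is disallowed: all remote users are denied")
    if chain["primary"] == "tacacs" and chain["secondary"] == "disallowed":
        findings.append("TACACS+ is primary but no secondary method is defined")
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = """\
virtual authentication primary tacacs
virtual authentication tertiary radiuss
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
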