Security
Configuring Management Access Authentication
STEP 4
STEP 5
Configuring Management Access Authentication
STEP 1
STEP 2
STEP 3
Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3
-
Minutes—Number of minutes that the key-identifier is valid.
-
Seconds—Number of seconds that the key-identifier is valid.
To always display sensitive data as plaintext (and not in encrypted form), click
Display Sensitive Data as Plaintext.
Click Apply. The settings are written to the Running Configuration file.
You can assign authentication methods to the various management access
methods, such as SSH, console, Telnet, HTTP, and HTTPS. The authentication can
be performed locally or on a TACACS+ or RADIUS server.
For the RADIUS server to grant access to the web-based configuration utility, the
RADIUS server must return cisco-avpair = shell:priv-lvl=15.
User authentication occurs in the order that the authentication methods are
selected. If the first authentication method is not available, the next selected
method is used. For example, if the selected authentication methods are RADIUS
and Local, and all configured RADIUS servers are queried in priority order and do
not reply, the user is authenticated locally.
If an authentication method fails or the user has insufficient privilege level, the user
is denied access to the device. In other words, if authentication fails at an
authentication method, the device stops the authentication attempt; it does not
continue and does not attempt to use the next authentication method.
To define authentication methods for an access method:
Click Security > Management Access Authentication.
Select an access method from the Application list.
Use the arrows to move the authentication method between the Optional Methods
column and the Selected Methods column. The first method selected is the first
method that is used.
•
RADIUS—User is authenticated on a RADIUS server. You must have
configured one or more RADIUS servers.
•
TACACS+—User authenticated on the TACACS+ server. You must have
configured one or more TACACS+ servers.
20
380