Network Device Hardware Manual

32 CCM840/1640 Installer/User Guide
The RADIUS server definition values specified in CCM commands must match
corresponding values configured on the RADIUS server. On the RADIUS server,
you must include CCM-specific information: the list of valid users and their
access rights for the CCM. Each user-rights attribute in the RADIUS server's
dictionary must be specified as a string containing the user's access rights for
the CCM, exactly matching the syntax used in the CCM User Add command.
Consult your RADIUS administrator's manual for information about specifying
users and their attributes. The exact process depends on the RADIUS server
you are using.

No authentication

When authentication is disabled, users are not authenticated. Telnet sessions
to serial ports are accepted immediately, and users are not prompted for a
username or password. In this case, users are granted access only to the port
to which they are connected, including Break access.
Connections to the Telnet port (23), serial CLI and PPP are still authenticated,
even when authentication is expressly disabled. Generally, these
communications paths are used only by administrators, and authentication is
enforced in order to establish appropriate access rights.
Authentication may not be disabled when SSH session access is enabled.

Authentication summary

The CCM allows concurrent use of multiple authentication modes, so Telnet
and SSH clients can all access a single CCM, as long as the appropriate
values are enabled.
You may optionally specify both RADIUS and local authentication, in either
order. In this case, authentication is attempted first with the first method
specified. If that fails, the second method is used for authentication.
For example, if you enable local and RADIUS authentication (in that order),
authentication uses the CCM user database. If that fails, authentication goes to
the defined RADIUS servers. If you enable RADIUS and local authentication
(in that order), authentication goes first to the defined RADIUS servers. If that
fails, the local user database is used.
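
The fallback order described above has a consequence worth checking before deployment: an account that exists in either store can log in, whichever order is configured. The following sketch is an added illustration, not code from the CCM or its vendor; the user names, passwords and rights strings are constructed placeholders, and it assumes that any failure of the first method hands the attempt to the second, following the guide's wording "If that fails".

```python
import hmac

# Constructed sample data standing in for the guide's "local" and "RADIUS"
# methods. Passwords and rights strings are placeholders, not CCM syntax.
STORES = {
    "local":  {"alice": {"password": "pw-local-a", "rights": "rights-admin"},
               "bob":   {"password": "pw-local-b", "rights": "rights-admin"}},
    "radius": {"alice": {"password": "pw-radius-a", "rights": "rights-port1"},
               "carol": {"password": "pw-radius-c", "rights": "rights-port2"}},
}

def authenticate(user, password, order, stores=STORES):
    """Try each method in the configured order; the first success wins.

    Assumption: any failure of the first method passes the attempt to the
    second method, per the guide's "If that fails".
    """
    for method in order:
        entry = stores[method].get(user)
        if entry and hmac.compare_digest(entry["password"], password):
            return method, entry["rights"]
    return None

def audit(order, stores=STORES):
    """Flag accounts whose access does not depend on a single store."""
    first, second = order
    findings = {}
    for user in sorted(set(stores[first]) | set(stores[second])):
        a, b = stores[first].get(user), stores[second].get(user)
        if a and b and a["rights"] != b["rights"]:
            findings[user] = (f"in both stores with different rights "
                              f"({first}: {a['rights']}, {second}: {b['rights']})")
        elif a and b:
            findings[user] = "in both stores, same rights"
        else:
            only = first if a else second
            findings[user] = f"only in {only}: still admitted regardless of the other store"
    return findings

if __name__ == "__main__":
    order = ("radius", "local")
    for user, note in audit(order).items():
        print(f"{user}: {note}")
    # bob is absent from RADIUS, yet the local fallback still admits him:
    print(authenticate("bob", "pw-local-b", order))
```

When both methods are enabled, removing or restricting a user on the RADIUS server alone does not change what the local database grants, so both stores need to be reviewed together.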

To specify the authentication mode:
1. For RADIUS authentication, issue a Server RADIUS command.
SERVER RADIUS PRIMARY|SECONDARY IP=<radius_ip>
SECRET=<secret> USER-RIGHTS=<attr> [AUTHPORT=<udp>]
[TIMEOUT=<time-out>] [RETRIES=<retry>]