User guide

CPS Installer/User Guide
Local authentication

Local authentication uses the CPS unit’s internal user database to
authenticate users.

RADIUS authentication

RADIUS authentication uses an external third-party RADIUS server containing
a user database to authenticate CPS users. The CPS, functioning as a RADIUS
client, sends usernames and passwords to the RADIUS server. If a username
and password do not match the corresponding information on the RADIUS server,
the CPS is informed and the user is denied CPS access. If the username and
password are successfully validated on the RADIUS server, the RADIUS server
returns an attribute that indicates the access rights defined for that username.

To use RADIUS authentication, you must specify information about the
primary RADIUS server and, optionally, a secondary RADIUS server to be used
as a backup.

The RADIUS server definition values specified in CPS commands must match
the corresponding values configured on the RADIUS server.

On the RADIUS server, you must include CPS-specific information: the list of
valid users and their access rights for the CPS. Each user-rights attribute in the
RADIUS server’s dictionary must be specified as a string containing the user’s
access rights for the CPS, exactly matching the syntax used in the CPS User
Add command.

Consult your RADIUS administrator’s manual for information about specifying
users and their attributes. The exact process depends on the RADIUS server
you are using.
No authentication

When authentication is disabled, users are not authenticated. Telnet sessions
to serial ports are accepted immediately, and users are not asked for a
username or password. In this case, users are granted access only to the port
to which they are connected, including Break access. When authentication is
disabled, so is encryption.

Connections to the Telnet port (23), serial CLI and PPP are still authenticated
using the local CPS user database, even when authentication is expressly
disabled. Generally, these communication paths are used only by
administrators, and authentication is enforced in order to establish appropriate
access rights.