Manuals / Avocent / Computer Equipment / Server

Avocent ACS 5000 manual Authentication methods and fallback mechanism

Models: ACS 5000

1 161

Download 161 pages 20.5 Kb

Page 121

Chapter 9: Ports Menu and Forms 113

2.Click the Access tab. The Access form appears.

3.To restrict access to one or more users or to a group of users, enter previously defined user or group names in the Authorized Users/Groups field, with names separated by commas.

4.To deny access to one or more users or groups, preface the user or group names with an exclamation point (!).

5.Click Done.

6.Click apply changes.

Authentication methods and fallback mechanism

The following table provides a brief description of the authentication methods. When an authentication method is configured to be performed by an authentication server such as Kerberos, LDAP, RADIUS or TACACS+, the user can get access denial if either the authentication server is down or it does not authenticate. An authentication fallback mechanism can be defined in case the first authentication level fails. The following table describes the authentication methods and fallback mechanisms.

Table 9.5: Expert - Authentication Methods and Fallback Mechanisms

Authentication Type	Definition
None	No authentication.
Kerberos	Authentication is performed using a Kerberos server.
Kerberos/Local	Kerberos authentication is tried first, switching to Local if unsuccessful.
KerberosDownLocal	Local authentication is performed only when the Kerberos server is down.
LDAP	Authentication is performed against an LDAP database using an LDAP server.
LDAP/Local	LDAP authentication is tried first, switching to Local if unsuccessful.
LDAPDownLocal	Local authentication is performed only when the LDAP server is down.
Local	Authentication is performed locally. For example, using the /etc/passwd file.
Local/Radius	Authentication is performed locally first, switching to Radius if unsuccessful.
Local/TACACS+	Authentication is performed locally first, switching to TACACS+ if unsuccessful.
Local/NIS	Authentication is performed locally first, switching to NIS if unsuccessful.
NIS	NIS authentication is performed.
NIS/Local	NIS authentication is tried first, switching to Local if unsuccessful.

Image 121

Avocent ACS 5000 manual Authentication methods and fallback mechanism

Contents

Cyclades ACS Canadian DOC Notice FCC Warning StatementCyclades ACS Symbols Used B L E of C on T E N T S Configuring the Console Server in Wizard Mode Network Menu and Forms ViiAppendix a Technical Specifications 143 Overview Connectors on the Console ServerACS 5000 Console Server Connectors Number Description Accessing the Console Server and Connected DevicesWeb Manager Prerequisites for Using the Web ManagerTypes of Users AuthenticationSecurity Authentication Type Definition Authentication Methods SupportedIPv6 Services not supporting IPv6Packet Filtering Structure of IP filteringChain Add rule and edit rule optionsRule Add Rule and Edit Rule Option Definitions Filter OptionsTCP protocol options Numeric protocol optionsUDP protocol options Icmp protocol optionsExample of using facility numbers Notifications, Alarms and Data BufferingSyslog servers Prerequisites for logging to syslog serversConfiguring access to connected devices Console Server and Power ManagementCommon Administrator Tasks for Configuring Software Managing Users of Connected DevicesConventions used to identify outlets Additional requirements for Server Technology IPDUsConfiguring ports for power management by authorized users Configuring power managementPower management through the web manager Options for managing powerHostname Discovery Cyclades ACS 5000 Installation/Administration/User Guide Basic Installation Procedures Important Pre-installation RequirementsMounting the console server To rack mount the console server Making an Ethernet connectionTo connect devices to serial ports Console server serial port pin-out information To connect to the console portTurning on the console server and the connected devices To use the wiz command to configure network parametersTo turn on the console server To turn on connected devicesTo configure for IPv4 protocol To configure for IPv6 protocol Selecting a security profile using the web manager Adding users and configuring ports using the web manager Other Methods of Accessing the Web ManagerTo use a dynamic IP address to access the web manager Selecting a security profileTo use the default IP address to access the web manager Connecting PDUsConnecting third-party IPDUs To daisy-chain PDUs to the console server Features of Regular User Forms Using the Web ManagerTo log into the web manager Form area Connect Port access requirementsConnect to the console server Connect to serial portsConnection protocols for serial ports Outlets Manager Ipdu Power ManagementView Ipdu info Outlets Group CtrlBulb PadlockForm Heading Description Example PDU Power FactorTo change your password Administrator Web Manager Buttons Common Features of Administrator FormsTry changes Click the try changes button Button name UseWizard mode Overview of Administrative ModesLogging Into the Web Manager Example of Web Manager Form in Wizard Mode Expert modeExample of Web Manager Form in Expert Mode Cyclades ACS 5000 Installation/Administration/User Guide Security Profile Default security profilePre-defined security profiles Custom security profileHttp To select or configure a security profile Serial port settings and security profilesTo configure the network settings Network SettingsPort Profile Options Port Profile Setup Options ParameterTo set parameters for all serial ports AccessParameter Options To add a user Data Buffering To change a passwordTo delete a user Wizard Data Buffering Field Names and Definitions Field name System Log To configure data bufferingTo delete a syslog server To add a syslog serverCyclades ACS 5000 Installation/Administration/User Guide Overview of menus and forms Configuring the Console Server in Expert ModeExpert Mode Screen Elements Number Description Connecting to devices connected to the serial ports Connecting to the console serverApplications Menu and Forms ConnectApplications Ipdu Power Mgmt Outlets Manager Ipdu Power ManagementTo connect to a device through a serial port OFF Expert Outlets Manager Icons Description ButtonPurposeAvocent PM PDU information displayed To view status, lock, unlock, rename or cycle power outletsThird-party Ipdu information displayed Applications Ipdu Power Mgmt. View IPDUs Info Applications Ipdu Power Mgmt. Outlets Group CtrlExpert Ouatlet Groups Ctrl Information Form Heading PM20i/30A To view and reset Ipdu information Applications Ipdu Power Mgmt. ConfigurationIpdu Power Mgmt Configuration Description Shown Element Type To upgrade software on a Cyclades PM Ipdu Expert Applications Ipdu Power Mgmt. Software UpgradeTo upgrade software on non-Cyclades IPDUs To download Cyclades Ipdu softwareApplications PMD Configuration- General Expert Applications PMD ConfigurationApplications PMD Configuration- Outlet Groups To upgrade software on a Avocent PM PDUTo configure an outlet group Applications PMD Configuration Users ManagementTo authorize a user for Ipdu power management To delete an outlet groupPrefix Group Outlet entry conventionsTo create a menu for a local server terminal Expert Applications Terminal Profile MenuClick apply changes Expert Network Menu Descriptions Menu Selection Host SettingsDNS Service General host settingsDisabling and enabling IPv4 or IPv6 protocols Disabling IPv4Disabling/Enabling IPv6 IPv4 settingsIPv6 settings IPv6 serial interfaces IPv6 Ethernet interfacesIPv6 PPP interfaces Other interfacesTo configure IPv4 protocol To configure host settings Expert from the General formTo configure IPv6 protocol Syslog MYCOMPANYDOMAIN-VPN VPN ConnectionsClick on apply changes To configure VPNDescription Example, 193.168.44.0/24 To configure SnmpFirewall Configuration Delete button Edit buttonAdd button Edit Rules buttonTarget pull-down menu options Inverted checkboxesSource or destination IP and mask ProtocolTCP protocol fields Numeric protocol fieldsUDP protocol fields Expert TCP Options Fields Field/Menu OptionInput interface, output interface and fragments Icmp protocol fieldsLOG target Reject target Firewall configuration proceduresTo add a chain To edit a chainTo edit a rule To add a ruleStatic Routes Host TableTo define the console server’s IP address and hostname Field or Menu Name Definition To configure static routes ExpertCyclades ACS 5000 Installation/Administration/User Guide Users and Groups Security Menu and FormsAdding a Group Adding a UserTo delete a user or group Expert Add User Dialog Field Names and DefinitionsActive Ports Sessions To change a user’s passwordTo add a group To modify a groupTTY To view, kill or refresh active user sessionsTo configure the console servers login authentication method Configuring authentication for console server loginsGroup authorization on Radius To configure a Radius authentication serverTo configure a TACACS+ authentication server To configure an Ldap authentication server Group authorization on TACACS+Group Authorization on Ldap To configure Ldap authenticationTo configure a Kerberos authentication server Go to Security Authentication Kerberos in Expert mode Security Profiles To configure a NIS authentication serverCustom security profile Serial port settings and security profiles Certificate for Http security Security certificatesCertificate on ssh User configured digital certificatePhysical Ports To enable or disable serial ports103 To select one or more serial portsGeneral form Console Access Server CAS profile connection protocolsConnection profiles Terminal Server TS profile connection protocols Ports Menu and FormsBidirectional Telnet protocol Connection Protocols for Modems or IPDUs Protocol Name Modem and power management connection protocolsCyclades ACS 5000 Installation/Administration/User Guide Click apply changes To configure a power management protocol for an Ipdu To associate an alias to a serial port To configure user access to serial ports AccessAccess Form Menu and Fields FieldDescription Authentication methods and fallback mechanism Data Buffering To configure a serial port login authentication methodData Buffering Form Fields Field Name Definition Mode Local DestinationField Name Definition To configure data buffering for serial portsExpert Multi User Form Fields Field Name Definition Multi UserPower Management Expert Power Management Form Fields Field Name To configure a serial port for Ipdu power management Other To configure a serial port for Ipmi power managementTCP Port 10 Other Form Fields Field Name DefinitionTo configure terminal server connection options 11 New/Modify Port Dialog Box Fields Field Name Definition Virtual PortsTo assign names to slave ports in the cluster To cluster console servers or modify cluster configurationPorts Statistics Ports Status14 Expert Ports Hostname Discovery Fields Expert Ports Hostname DiscoveryCyclades ACS 5000 Installation/Administration/User Guide 129 System InformationSystem Information Form InformationParameters To view system information NotificationsInformation Parameters Notifications Form Fields Field Name Definition Email Notifications EntryEmail Notifications Dialog Box Fields Field Name Definition Pager notifications entry Untitled dropdown field Snmp trap notifications entryCold Start To configure a trigger for serial port alarm notification Serial ports alarm notificationTime/Date To set the time and date manuallySetting up a customized timezone configuration To configure time and date using an NTP serverTo create a custom timezone selection To use the custom option to set daylight savings timeBoot Configuration Form Fields Field Name Definition Boot ConfigurationSelect Flash or Network from the Unit boot from menu To configure the console server bootGo to Administration Backup Config in Expert mode Backup ConfigurationTo upgrade the console server firmware Upgrade FirmwareTo reboot the console server RebootOnline Help To configure the local online help path 143 Appendix a Technical SpecificationsEnvironmental Hardware Elevated operating ambient temperature TemperatureTemperatur Erhöhte Umgebungstemperatur im betriebMechanical loading Safety precautions for operating the console serverSicherer mechanischer Aufbau Circuit overloadingAppendices Working inside the console server Electrostatic Discharge ESD PrecautionsRemplacement de la batterie Replacing the battery Austausch der BatterieArbeiten am Cyclades ACS Vorsichtsmassnahmen gegen Elektrostatische Entladung ESDFCC warning statement BaterìaCanadian DOC notice Appendix C Technical Support To resolve an issueCyclades ACS 5000 Installation/Administration/User Guide For Technical Support