32CCM840/1640 Installer/User Guide
The RADIUS server definition values specified in CCM commands must match corresponding values configured on the RADIUS server. On the RADIUS server, you must include
Consult your RADIUS administrator’s manual for information about specifying users and their attributes. The exact process depends on the RADIUS server you are using.
No authentication
When authentication is disabled, users are not authenticated. Telnet sessions to serial ports are accepted immediately, and users are not prompted for a username or password. In this case, users are granted access only to the port to which they are connected, including Break access.
Connections to the Telnet port (23), serial CLI and PPP are still authenticated, even when authentication is expressly disabled. Generally, these communications paths are used only by administrators, and authentication is enforced in order to establish appropriate access rights.
Authentication may not be disabled when SSH session access is enabled.
Authentication summary
The CCM allows concurrent use of multiple authentication modes. This allows Telnet and SSH clients to all access a single CCM as long as the appropriate values are enabled.
You may optionally specify both RADIUS and local authentication, in either order. In this case, authentication will be attempted initially on the first method specified. If that fails, the second method will be used for authentication.
For example, if you enable local and RADIUS authentication (in that order), authentication uses the CCM user database. If that fails, authentication goes to the defined RADIUS servers. If you enable RADIUS and local authentication (in that order), authentication goes first to the defined RADIUS servers. If that fails, the local user database is used.
To specify the authentication mode:
1.For RADIUS authentication, issue a Server RADIUS command.
SERVER RADIUS PRIMARYSECONDARY IP=<radius_ip> SECRET=<secret>