Chapter 3: Operations

33

 

 

You must specify the server’s IP address, the UDP port to be used and a

“secret” to be used. You must also specify a user-rights attribute value that matches a value in the RADIUS server’s dictionary.

You may also use this command to delete a RADIUS server definition.

SERVER RADIUS PRIMARYSECONDARY DELETE

For more information, see Server RADIUS command in Chapter 5.

2.Issue a Server Security command, using the Authentication parameter to specify the authentication mode. Use the Encrypt parameter to enable plain text Telnet connections, SSH connections or both.

SERVER SECURITY AUTHENTICATION=<auth_mode> ENCRYPT=<conns>

3.You are prompted to save the information. Enter Y to confirm or N to cancel.

To display authentication configuration information:

1.Issue a Show Server Security command.

SHOW SERVER SECURITY

The display includes the current CCM authentication settings that were configured with the Server Security command. If SSH access has been enabled, the display indicates SSH2. Regardless of whether SSH is enabled, the display includes the authentication method specified with the Server SSH command.

2.To display CCM RADIUS settings that were configured with the Server RADIUS command, issue a Show Server RADIUS command.

SHOW SERVER RADIUS

For more information, see Server Security command, Show Server Security command and Show Server RADIUS command in Chapter 5, plus Connecting to devices using SSH and Enabling plain text Telnet and SSH connections in this chapter.

Using Security Lock-out

When the Security Lock-out feature is enabled, a user will be locked-out after five consecutive authentication failures. A successful authentication will reset the counter to zero. You may configure a lock-out period of from 1-99 hours. Specifying a lock-out period of Ø disables the feature; that is, users will not be locked-out.