Chapter 3: Operations

Secure indicates that authentication will be locked to one DSView software server after a successful initial access, and that the DSView software server and appliance credentials will be stored on the CPS appliance.

Trustall indicates that any DSView software server may be used for authentication, and DSView software server credentials will not be stored or validated on the CPS appliance.

When the secure mode is used, you may clear the stored credentials used by the DSView software at any time.

For more information, see the DSView Installer/User Guide.

Local authentication

Local authentication uses the CPS appliance internal user database to authenticate users.

RADIUS authentication

RADIUS authentication uses an external third-party RADIUS server containing a user database to authenticate CPS network appliance users. The CPS appliance, functioning as a RADIUS client, sends usernames and passwords to the RADIUS server. If a username and password do not match the corresponding information on the RADIUS server, the CPS appliance is informed and the user is denied CPS access. If the username and password are successfully validated on the RADIUS server, the RADIUS server returns an attribute that indicates the access rights defined for that username.

To use RADIUS authentication, you must specify information about the primary RADIUS server and, optionally, a secondary RADIUS server to be used as a backup.

The RADIUS server definition values specified in CPS appliance commands must match the corresponding values configured on the RADIUS server. On the RADIUS server, you must include CPS appliance-specific information: the list of valid users, their access rights for the CPS appliance and their preemption levels. Each user-rights attribute in the RADIUS server’s dictionary must be specified as a string containing the user’s access rights/level for the CPS appliance, exactly matching the syntax used in the CPS User Add command. The access rights should be followed by a space, the Preempt keyword and the preemption value.

Consult your RADIUS administrator’s manual for information about specifying users and their attributes. The exact process depends on the RADIUS server you are using.

No authentication

When authentication is disabled, users are not authenticated. Telnet sessions to serial ports are accepted immediately, and users are not prompted for a username or password. In this case, users are granted access only to the port to which they are connected, including Break access.

Connections to the Telnet port (23), serial CLI and PPP are still authenticated using the local CPS user database, even when authentication is expressly disabled. Generally, these communication paths are used only by administrators, and authentication is enforced in order to establish appropriate access rights.

This method cannot be used when SSH connections are enabled, nor can it be combined with any other authentication method.