Chapter 9: Authentication

9. Authentication

The console server is a dedicated Linux computer with a myriad of popular and proven Linux software modules for networking, secure access (OpenSSH), and communications (OpenSSL), and sophisticated user authentication (PAM, RADIUS, TACACS+, and LDAP).

This chapter details how the Administrator can use the Management Console to establish remote AAA authentication for all connections to the console server and attached serial and network host devices.

This chapter also covers how to establish a secure link to the Management Console using HTTPS and using OpenSSL and OpenSSH to establish a secure Administration connection to the console server.

9.1 Authentication Configuration

Authentication can be performed locally, or remotely using an LDAP, Radius, or TACACS+ authentication server. The default authentication method for the console server is Local.

Figure 9-1. Authentication screen.

Any authentication method that is configured will be used for authentication of any user who attempts to log in through Telnet, SSH, or the Web Manager to the console server and any connected serial port or network host devices.

You can configure the console server to the default (Local) or using an alternate authentication method (TACACS, RADIUS, or LDAP). Optionally, you can select the order in which local and remote authentication is used:

Local TACACS /RADIUS/LDAP: Tries local authentication first, falling back to remote if local fails.

TACACS /RADIUS/LDAP Local: Tries remote authentication first, falling back to local if remote fails.

TACACS /RADIUS/LDAP Down Local: Tries remote authentication first, falling back to local if the remote authentication returns an error condition (for example, if the remote authentication server is down or inaccessible).

9.1.1 Local Authentication

Select Serial and Network: Authentication and check Local.

Click Apply.

9.1.2 TACACS Authentication

Perform the following procedure to configure the TACACS+ authentication method to use whenever the console server or any of its serial ports or hosts is accessed:

Select Serial and Network: Authentication and check TACAS or LocalTACACS or TACACSLocal or TACACSDownLocal

724-746-5500 blackbox.com

87

Page 86 Page 88
Page 87
Image 87
Black Box Secure Device Servers, 1102, 1101 Authentication Configuration, Local Authentication, Tacacs Authentication
Page 86 Page 88
Top Page Image Contents