Cisco Systems OL-5650-02 Controlling Remote User Access to the CSS

Chapter1 Controlling CSS Access

Controlling Remote User Access to the CSS

1-6

Cisco Content Services Switch Security Configuration Guide

OL-5650-02

Controlling Remote User Access to the CSS

To control access to the CSS, you can configure the CSS to authenticate remote

(virtual) or console users. The CSS can authenticate users by using the local user

database, RADIUS server, or TACACS+ server. You can also allow user access

without authenticating or disallowing all remote user access to the CSS.

You can set a maximum of three authentication methods: a primary, secondary,

or tertiary authentication method. The primary method is the first authentication

method that the CSS tries. If the primary authentication method fails (for

example, the RADIUS server is down or is unreachable), the CSS tries the

secondary method. And if the secondary method fails, then the CSS tries the

tertiary method. In the event the tertiary method also fails, the CSS displays a

message that authentication has failed.

The CSS does not attempt a secondary or tertiary authentication method under the

following conditions:

•If the authentication method is local, and the local username is not found in

the local user database.

•If the authentication method is local and the local username is found in the

local user database, but the password is invalid.

•If the authentication method is radius, and the RADIUS server rejects the

primary authentication request from the CSS.

•If the authentication method is tacacs, and the TACACS+ server rejects the

primary authentication request from the CSS.

Before you can use RADIUS or TACACS+ as either the virtual authentication

method or the console authentication method, you must enable communication

with the RADIUS or TACACS+ security server. Use either the radius-server

command (refer to the Chapter 3, Configuring the CSS as a Client of a RADIUS

Server) or the tacacs-server command (see the Chapter 4, Configuring the CSS

as a Client of a TACACS+ Server).

This section includes the following topics:

•Configuring Virtual Authentication

•Configuring Console Authentication

To display virtual and console authentication settings, use the show

user-database command.