Key Management; Configuring Management Access Authentication - Cisco 500 series Administration Manual

Configuring Security

Key Management

STEP 6
STEP 7
Key Management

Configuring Management Access Authentication

Cisco 500 Series Stackable Managed Switch Administration Guide
• Dead Time—Enter the number of minutes that must pass before a non-
responsive RADIUS server is bypassed for service requests. If Use Default
is selected, the switch uses the default value for the dead time. If you enter 0
minutes, there is no dead time.
• Usage Type—Enter the RADIUS server authentication type. The options are:
- Login—RADIUS server is used for authenticating users that ask to
administer the switch.
- 802. 1 X—RADIUS server is used for 802. 1 x authentication.
- All—RADIUS server is used for authenticating user that ask to administer
the switch and for 802. 1 X authentication.
To display sensitive data in plaintext form in the configuration file, click Display
Sensitive Data As Plaintext.
Click Apply. The RADIUS server definition is added to the Running Configuration
file of the switch.
See Key Management. Covered in the RIP Chapter.
You can assign authentication methods to the various management access
methods, such as SSH, console, Telnet, HTTP, and HTTPS. The authentication can
be performed locally or on a TACACS+ or RADIUS server.
For the RADIUS server to grant access to the web-based switch configuration
utility, the RADIUS server must return cisco-avpair = shell:priv-lvl=15.
User authentication occurs in the order that the authentication methods are
selected. If the first authentication method is not available, the next selected
method is used. For example, if the selected authentication methods are RADIUS
and Local, and all configured RADIUS servers are queried in priority order and do
not reply, the user is authenticated locally.
18
308