Configuring Management Access Authentication

Authentication methods can be assigned to HTTP/HTTPS sessions. The authentication can be performed locally or on a RADIUS server.

User authentication occurs in the order that the authentication methods are selected. If the first authentication method is not available, the next selected method is used. For example, if the selected authentication methods are RADIUS and Local, and all configured RADIUS servers are queried in priority order and do not reply, the user is authenticated locally.

If an authentication method fails or the user has insufficient privilege level, the user is denied access to the switch. In other words, if authentication fails at an authentication method, the switch stops; it does not continue and does not attempt to use the next authentication method.

To define authentication methods for an access method:

  1. Click Security > Management Access Authentication. The Management Access Authentication page displays.
  2. Select an access method from the Application list.
  3. Use the arrows to move the authentication method between the Optional Methods column and the Selected Methods column. The first method selected is the first method that is used.
    • RADIUS--User is authenticated on a RADIUS server. You must have configured one or more RADIUS servers.
    • None--User is allowed to access the switch without authentication.
    • Local--Username and password is checked against the data stored on the local switch. These username and password pairs are defined in the User Accounts page.
    • NOTE     The Local or None authentication method must always be selected last. All authentication methods selected after Local or None are ignored.

  4. Click Apply. The selected authentication methods are associated with the access method.