authentication
The authentication configuration element is used to configure an authentication profile, which applies to your configured authentication type.
Constraints
When FIPS is enabled, only three attributes are visible: type, rest-authorization-accounting, login-as-admin.
Parameters
- source-port
- Enter the port number on the SBC to send messages to the RADIUS server.
- Default: 1812
- Values: 1645 | 1812 | 3799
- type
- Enter the type of user authentication.
- Default: local
- Values: local | radius | tacacs
- protocol
- Select the protocol type to use with your RADIUS server(s).
- Default: pap
- Values: pap | chap | mschapv2 | ascii | IKEv2-IPsec
- tacacs-authentication-only
- When enabled, restricts remote login to TACACS+ when available.
- Default: disabled
- Values: enabled | disabled
- tacacs-authorization
- Enable or disable command-based authorization of admin users for TACACS.
- Default: enabled
- Values: enabled | disabled
- tacacs-authorization-arg-mode
- Enable or disable sending commands and arguments separately to the TACACS server. Values include:
- Default: disabled
- enabled—Splits the cmd and cmd-arg to conform with TACACS recommendations for all ACLI command and configuration strings, with the exception of the show command.
- enabled-for-show—Splits the cmd and cmd-arg to conform with TACACS recommendations for all ACLI command and configuration strings, including the show command.
- tacacs-accounting
- Enable or disable accounting of admin ACLI operations.
- Default: enabled
- Values: enabled | disabled
- rest-authorization-accounting
- Enable or disable TACACS+ authorization and accounting for TACACS users who access the REST API.
- Default: disabled
- Values: enabled | disabled
- server-assigned-privilege
- Enables a proprietary TACACS+ variant that, after successful user authentication, adds an additional TACACS+ request/reply exchange.
- Default: enabled
- Values: enabled | disabled
- allow-local-authorization
- Enable this parameter if you want the Oracle Communications Session Border Controller to authorize users to enter Super (administrative) mode locally even when your RADIUS server does not return the ACME_USER_CLASS VSA or the Cisco-AVPair VSA.
- Default: disabled
- Values: enabled | disabled
Note:
When enabled, the Oracle Communications Session Border Controller ignores RADIUS or TACACS restrictions and allows all users to locally enable Superuser (administrative) mode.
- login-as-admin
- Enable this parameter if you want users to be logged in automatically in Superuser (administrative) mode.
- Default: disabled
- Values: enabled | disabled
- management-strategy
- Enter the management strategy used to distribute authentication requests.
- Default: hunt
- Values: round-robin | hunt
- ike-radius-params-name
- Enter the auth-params instance to be assigned to this element.
- Default: None
- Values: Name of an existing auth-params configuration element
- management-servers
- Enter a list of servers used for management requests.
- radius-servers
- Enter the radius-servers subelement.
- tacacs-servers
- Enter the tacacs-servers subelement.
- two-factor-authentication
- Enter the two-factor-authentication subelement.
Note:
This element is only visible if you have the Admin Security license installed.
Path
The authentication element is under the security path.
ADMINSEC# conf term
ADMINSEC(configure)# security
ADMINSEC(security)# authentication
ADMINSEC(authentication)#
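
A configuration audit built from the parameter list above, as an added example that is not Oracle's code: it checks exported settings against the documented values and reports the values whose documented effect loosens administrative access control or accounting. The indented `name value` input layout and the sample values are assumptions constructed for illustration.

```python
import re

ONOFF = {"enabled", "disabled"}
# Allowed values, copied from the parameter list above.
ALLOWED = {
    "source-port": {"1645", "1812", "3799"},
    "type": {"local", "radius", "tacacs"},
    "protocol": {"pap", "chap", "mschapv2", "ascii", "IKEv2-IPsec"},
    "tacacs-authorization-arg-mode": ONOFF | {"enabled-for-show"},
    "management-strategy": {"round-robin", "hunt"},
}
for _p in ("tacacs-authentication-only", "tacacs-authorization", "tacacs-accounting",
           "rest-authorization-accounting", "server-assigned-privilege",
           "allow-local-authorization", "login-as-admin"):
    ALLOWED[_p] = ONOFF
# Values whose documented effect loosens admin access control or accounting.
REVIEW = {
    ("allow-local-authorization", "enabled"): "ignores RADIUS/TACACS restrictions on Superuser mode",
    ("login-as-admin", "enabled"): "users are logged in directly in Superuser mode",
    ("tacacs-authorization", "disabled"): "no command-based authorization of admin users",
    ("tacacs-accounting", "disabled"): "no accounting of admin ACLI operations",
}

def parse(text):
    """Parse indented 'name value' lines (assumed layout) into a dict."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"\s+([\w-]+)\s+(\S+)\s*$", line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg

def audit(cfg):
    """Return (parameter, value, reason) findings; tacacs-* review items
    are reported only when type is tacacs."""
    findings = []
    for name, value in cfg.items():
        if name in ALLOWED and value not in ALLOWED[name]:
            findings.append((name, value, "not a documented value"))
        reason = REVIEW.get((name, value))
        if reason and (not name.startswith("tacacs-") or cfg.get("type") == "tacacs"):
            findings.append((name, value, reason))
    return findings

# Constructed sample (layout and values are assumptions, not device output).
SAMPLE = """authentication
    source-port 1813
    type tacacs
    tacacs-accounting disabled
    allow-local-authorization enabled
"""
```

Calling `audit(parse(SAMPLE))` returns one tuple per finding, suitable for a periodic configuration review or a change-control check.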