1. ACLI Reference Guide
  2. ACLI Configuration Elements A-M
  3. authentication

authentication

The authentication configuration element is used for configuring an authentication profile, which apply to your configured authentication type.

Constraints

When FIPS is enabled, only three attributes are visible: type, rest-authorization-accounting, login-as-admin.

Parameters

source-port
Enter the port number on the SBC to send messages to the RADIUS server.
  • Default: 1812
  • Values: 1645 | 1812 | 3799
type
Enter the type of user authentication.
  • Default: local
  • Values: local | radius| tacacs
protocol
Select the protocol type to use with your RADIUS server(s)
  • Default: pap
  • Values: pap | chap | mschapv2 | ascii | IKEv2-IPsec
tacacs-authentication-only
When enabled, restricts remote login to TACACS+ when available.
  • Default: disabled
  • Values: enabled | disabled
tacacs-authorization
Enable or disable command-based authorization of admin users for TACACS.
  • Default: enabled
  • Values: enabled | disabled
tacacs-authorization-arg-mode
Enable or disable sending commands and arguments separately to the TACACS server. Values include:
  • Default: disabled
  • enabled—Splits the cmd and cmd-arg to conform with TACACS recommendations for all ACLI command and configuration strings, with the exception of the show command.
  • enabled-for-show—Splits the cmd and cmd-arg to conform with TACACS recommendations for all ACLI command and configuration strings, including the show command.
tacacs-accounting
Enable or disable accounting of admin ACLI operations.
  • Default: enabled
  • Values: enabled | disabled
rest-authorization-accounting
Enable or disable TACACS+ authorization and accounting for TACACS users who access the REST API.
  • Default: disabled
  • Values: enabled | disabled
server-assigned-privilege
Enables a proprietary TACACS+ variant that, after successful user authentication, adds an additional TACACS+ request/reply exchange.
  • Default: enabled
  • Values: enabled | disabled
allow-local-authorization
Enable this parameter if you want the Oracle Communications Session Border Controller to authorize users to enter Super (administrative) mode locally even when your RADIUS server does not return the ACME_USER_CLASS VSA or the Cisco-AVPair VSA.
  • Default: disabled
  • Values: enabled | disabled

Note:

When enabled, the Oracle Communications Session Border Controller ignores RADIUS or TACACS restrictions and allows all users to locally enable Superuser (administrative) mode.
login-as-admin
Enable this parameter if you want users to be logged automatically in Superuser (administrative) mode.
  • Default: disabled
  • Values: enabled | disabled
management-strategy
Enter the management strategy used to distribute authentication requests.
  • Default: hunt
  • Values: round-robin | hunt
ike-radius-params-name
Enter the auth-params instance to be assigned to this element.
  • Default: None
  • Values: Name of an existing auth-params configuration element
management-servers
Enter a list of servers used for management requests.
radius-servers
Enter the radius-servers subelement.
tacacs-servers
Enter the tacacs-servers subelement.
two-factor-authentication
Enter the two-factor-authentication subelement.

Note:

This element is only visible if you have the Admin Security license installed.

Path

The authentication element is under the security path. 

ADMINSEC# conf term
ADMINSEC(configure)# security 
ADMINSEC(security)# authentication
ADMINSEC(authentication)#