1. ACLI Reference Guide
  2. ACLI Configuration Elements A-M
  3. authentication

authentication

The authentication configuration element is used for configuring an authentication profile, which apply to your configured authentication type.

Parameters

source-port
Enter the port number on the SBC to send messages to the RADIUS server.
  • Default: 1812
  • Values: 1645 | 1812 | 3799
type
Enter the type of user authentication
  • Default: local
  • Values: local | radius| tacacs
protocol
Select the protocol type to use with your RADIUS server(s)
  • Default: pap
  • Values: pap | chap | mschapv2 | ascii | IKEv2-IPsec
tacacs-authentication-only
When enabled, restricts remote login to TACACS+ when available.
  • Default: disabled
  • Values: enabled | disabled
tacacs-authorization
Enable or disable command-based authorization of admin users for TACACS.
  • Default: enabled
  • Values: enabled | disabled
tacacs-authorization-arg-mode
Enable or disable sending commands and arguments separately to the TACACS server.
  • Default: disabled
  • Values: enabled | disabled
tacacs-accounting
Enable or disable accounting of admin ACLI operations.
  • Default: enabled
  • Values: enabled | disabled
server-assigned-privilege
Enables a proprietary TACACS+ variant that, after successful user authentication, adds an additional TACACS+ request/reply exchange.
  • Default: enabled
  • Values: enabled | disabled
allow-local-authorization
Enable this parameter if you want the Oracle Communications Session Border Controller to authorize users to enter Super (administrative) mode locally even when your RADIUS server does not return the ACME_USER_CLASS VSA or the Cisco-AVPair VSA.
  • Default: disabled
  • Values: enabled | disabled

Note:

When enabled, the Oracle Communications Session Border Controller ignores RADIUS or TACACS restrictions and allows all users to locally enable Superuser (administrative) mode.
login-as-admin
Enable this parameter if you want users to be logged automatically in Superuser (administrative) mode.
  • Default: disabled
  • Values: enabled | disabled
management-strategy
Enter the management strategy used to distribute authentication requests.
  • Default: hunt
  • Values: round-robin | hunt
ike-radius-params-name
Enter the auth-params instance to be assigned to this element.
  • Default: None
  • Values: Name of an existing auth-params configuration element
management-servers
Enter a list of servers used for management requests.
radius-servers
Enter the radius-servers subelement.
tacacs-servers
Enter the tacacs-servers subelement.
two-factor-authentication
Enter the two-factor-authentication subelement.

Note:

This element is only visible if you have the Admin Security license installed.
online-certificate-status-protocol
Enter the online-certificate-status-protocol subelement.

Note:

Enable the Admin Security and FIPs entitlements to configure this element.

Path

The authentication element is under the security path. 

ADMINSEC# conf term
ADMINSEC(configure)# security 
ADMINSEC(security)# authentication
ADMINSEC(authentication)#