authentication
The authentication configuration element is used for configuring an authentication profile, which apply to your configured authentication type.
Parameters
- source-port
- Enter the port number on the SBC to send messages to the RADIUS server.
- Default: 1812
- Values: 1645 | 1812 | 3799
- type
- Enter the type of user authentication
- Default: local
- Values: local | radius| tacacs
- protocol
- Select the protocol type to use with your RADIUS server(s)
- Default: pap
- Values: pap | chap | mschapv2 | ascii | IKEv2-IPsec
- tacacs-authentication-only
- When enabled, restricts remote login to TACACS+ when available.
- Default: disabled
- Values: enabled | disabled
- tacacs-authorization
- Enable or disable command-based authorization of admin users for
TACACS.
- Default: enabled
- Values: enabled | disabled
- tacacs-authorization-arg-mode
- Enable or disable sending commands and arguments separately to
the TACACS server.
- Default: disabled
- Values: enabled | disabled
- tacacs-accounting
- Enable or disable accounting of admin ACLI operations.
- Default: enabled
- Values: enabled | disabled
- server-assigned-privilege
- Enables a proprietary TACACS+ variant that, after successful
user authentication, adds an additional TACACS+ request/reply exchange.
- Default: enabled
- Values: enabled | disabled
- allow-local-authorization
- Enable this parameter if you want the Oracle Communications Session Border Controller to authorize users to
enter Super (administrative) mode locally even when your RADIUS server does
not return the ACME_USER_CLASS VSA or the Cisco-AVPair VSA.
- Default: disabled
- Values: enabled | disabled
Note:
When enabled, the Oracle Communications Session Border Controller ignores RADIUS or TACACS restrictions and allows all users to locally enable Superuser (administrative) mode. - login-as-admin
- Enable this parameter if you want users to be logged
automatically in Superuser (administrative) mode.
- Default: disabled
- Values: enabled | disabled
- management-strategy
- Enter the management strategy used to distribute authentication
requests.
- Default: hunt
- Values: round-robin | hunt
- ike-radius-params-name
- Enter the auth-params instance to be assigned to this element.
- Default: None
- Values: Name of an existing auth-params configuration element
- management-servers
- Enter a list of servers used for management requests.
- radius-servers
- Enter the radius-servers subelement.
- tacacs-servers
- Enter the tacacs-servers subelement.
- two-factor-authentication
- Enter the two-factor-authentication subelement.
Note:
This element is only visible if you have the Admin Security license installed. - online-certificate-status-protocol
- Enter the online-certificate-status-protocol subelement.
Note:
Enable the Admin Security and FIPs entitlements to configure this element.
Path
The authentication element is under the security path.
ADMINSEC# conf term
ADMINSEC(configure)# security
ADMINSEC(security)# authentication
ADMINSEC(authentication)#