Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    A C Series Controller as a RADIUS Client and TACACS+ Client

    On a C Series Controller, you can use more than one authentication method. You can configure the C Series Controller to be a RADIUS and TACACS+ client by:

    • Configuring RADIUS and TACACS+ authentication.
    • Configuring the authentication order to prioritize the order in which the C Series Controller uses configured authentication methods.

    For each login attempt, the SRC software tries the authentication methods in the order configured, until the password matches. If one of the authentication methods in the authentication order fails to authenticate a user, the user is denied access to the C Series Controller.

    If password authentication does not appear in the prioritized list of authentication methods, the SRC software uses password authentication last. The SRC software always uses password authentication, whether or not it appears in the list of authentication methods to be used. As a result, users can log in to the C Series Controller through password authentication if configured authentication servers are unavailable.

    Figure 1 shows three authentication scenarios. In the first two, a user is authenticated while authentication servers are unavailable. In the third scenario, a users is not authenticated by an active server.

    Figure 1: Authentication Order: RADIUS, TACACS+, Password

    Authentication Order: RADIUS, TACACS+,
Password

    Published: 2014-06-12