Configuring More Than One Authentication Method with the C-Web Interface
On a C-series Controller, you can use more than one authentication method. You can configure the C-series Controller to be a RADIUS and TACACS+ client by:
- Configuring RADIUS and TACACS+ authentication.
- Configuring the authentication order to prioritize the order in which the C-series Controller uses configured authentication methods.
For each login attempt, the SRC software tries the authentication methods in the order configured, until the password matches. If one of the authentication methods in the authentication order fails to authenticate a user, the user is denied access to the C-series Controller.
If password authentication does not appear in the prioritized list of authentication methods, the SRC software uses password authentication last. The SRC software always uses password authentication, whether or not it appears in the list of authentication methods to be used. As a result, users can log in to the C-series Controller through password authentication if configured authentication servers are unavailable.
Figure 1 shows three authentication scenarios. In the first two, a user is authenticated while authentication servers are unavailable. In the third scenario, a user is not authenticated by an active server.
Configuring Authentication Order
To configure the order in which to use authentication servers:
- In the Authentication Order lists, click the arrow buttons to arrange the authentication servers in the order that you want.
- Enter information as described in the Help text in the main pane, and click Apply.
If you do not configure the authentication order, users are verified based on their configured passwords.