Control | Description |
Authentication Methods | Specifies the authentication method. Select an authentication method from the drop-down list. The methods are listed in the order in which they occur. If authorization fails on the first method, the next method is attempted, and so on, until all the methods have been attempted. |
For RADIUS/TACACS+, fallback only when servers are unavailable. | Specifies that the SteelHead falls back to a RADIUS or TACACS+ server only when all other servers do not respond. This is the default setting. When this feature is disabled, the SteelHead does not fall back to the RADIUS or TACACS+ servers. If it exhausts the other servers and does not get a response, it returns a server failure. |
Safety Account | Creates a safety account so that admin or sys admin users can login to the SteelHead even if remote authentication servers are unreachable. A safety account increases security and conforms to US National Institute of Standards and Technology (NIST) requirements. Only the selected safety account will be allowed to login in cases where the AAA server isn’t reachable. (Only one user can be assigned to the safety account.) You can create a system administrator user in the Administration > Security: User Permissions page. For details, see Chapter: Managing user permissions. |
Safety Account User | Select the user from the drop-down list. |
Authorization Policy | Appears only for some Authentication Methods. Optionally, select one of these policies from the drop-down list: • Remote First - Check the remote server first for an authentication policy, and only check locally if the remote server does not have one set. This is the default behavior. • Remote Only - Only checks the remote server. • Local Only - Only checks the local server. All remote users are mapped to the user specified. Any vendor attributes received by an authentication server are ignored. |
Default User | Select the default user from the drop-down list. |