Configuring General Security Settings
You can prioritize local, RADIUS, and TACACS+ authentication methods for the system and set the authorization policy and default user for RADIUS and TACACS+ authorization systems in the General Security Settings page.
Important: Make sure to put the authentication methods in the order in which you want authentication to occur. If authorization fails using the first method, the next method is attempted, and so forth, until all the methods have been attempted.
Tip: To set TACACS+ authorization levels (admin or read-only) to allow certain members of a group to log in, add this attribute to users on the TACACS+ server:
service = rbt-exec {
local-user-name = "monitor"
}
where you replace monitor with admin for write access.
For details about setting up RADIUS and TACACS+ servers, see the SteelHead Deployment Guide.
To set general security settings
1. Choose Administration > Security: General Security Settings to display the General Security Settings page.
Figure: Configuring General Security Settings
2. Under Authentication Methods, complete the configuration as described in this table.
Control - Description
Authentication Methods - Specifies the authentication method. Select an authentication method from the drop-down list. The methods are listed in the order in which they occur. If authorization fails on the first method, the next method is attempted, and so on, until all of the methods have been attempted.
For RADIUS/TACACS+, fallback only when servers are unavailable - Specifies that the SteelHead falls back to a RADIUS or TACACS+ server only when all other servers do not respond. This is the default setting. When this feature is disabled, the SteelHead does not fall back to the RADIUS or TACACS+ servers. If it exhausts the other servers and does not get a response, it returns a server failure.
Authorization Policy - Appears only for some Authentication Methods. Optionally, select one of these policies from the drop-down list:
•  Remote First - Checks the remote server first for an authentication policy, and only checks locally if the remote server does not have one set. This is the default behavior.
•  Remote Only - Checks the remote server.
•  Local Only - Checks the local server. All remote users are mapped to the user specified. Any vendor attributes received by an authentication server are ignored.
Default User - Select the default user from the drop-down box.
Apply - Applies your settings to the running configuration.
3. Click Save to Disk to save your settings permanently.
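The following added example (not Riverbed code and not part of the original guide) models how the Authorization Policy and Default User settings combine, and lists which remotely authenticated users end up with write access. It assumes the Default User is what the local check returns and that Remote Only with no server attribute yields no mapping; the function names and sample users are constructed for illustration.

```python
# Added illustration of the Authorization Policy rules described in the table above.
# Behaviour the page does not state is marked as an assumption.

REMOTE_FIRST, REMOTE_ONLY, LOCAL_ONLY = "Remote First", "Remote Only", "Local Only"
KNOWN_ACCOUNTS = {"admin", "monitor"}  # the two levels named in the Tip


def effective_user(policy, remote_local_user_name, default_user):
    """Return the local account a remote user is mapped to, or None."""
    if policy == LOCAL_ONLY:
        # Vendor attributes are ignored; every remote user maps to Default User.
        return default_user
    if remote_local_user_name in KNOWN_ACCOUNTS:
        # The server supplied local-user-name, so it decides the level.
        return remote_local_user_name
    if policy == REMOTE_FIRST:
        # Nothing set remotely: fall back to the local setting
        # (assumed here to be the Default User).
        return default_user
    # Remote Only with no attribute: assumed to give no mapping.
    return None


def audit(policy, default_user, remote_users):
    """Return (user, reason) for every remote user who receives admin."""
    findings = []
    for name, attr in remote_users.items():
        if effective_user(policy, attr, default_user) != "admin":
            continue
        from_server = policy != LOCAL_ONLY and attr == "admin"
        findings.append((name, "server attribute" if from_server else "Default User"))
    return findings


# Constructed sample: local-user-name value each user has on the TACACS+ server.
SAMPLE_USERS = {"alice": "admin", "bob": "monitor", "carol": None}

if __name__ == "__main__":
    for policy in (REMOTE_FIRST, REMOTE_ONLY, LOCAL_ONLY):
        for default in ("monitor", "admin"):
            print(policy, "/ Default User =", default, "->",
                  audit(policy, default, SAMPLE_USERS))
```

With Default User set to admin, any account the server has not explicitly tagged (Remote First) or every remote account (Local Only) gains write access, which is why monitor is the safer default.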
Related Topics
•  Setting RADIUS Servers
•  Configuring TACACS+ Access