Configuring General Security Settings

Note: To set TACACS+ authorization levels (admin or read-only) to allow certain members of a group to log in, add the following attribute to users on the TACACS+ server:
service = rbt-exec {
local-user-name = “monitor”
}
where you replace “monitor” with “admin” for write access.

Control	Description
Authentication Methods	Specifies the authentication method. Select an authentication method from the drop-down list. The methods are listed in the order in which they occur. If authorization fails on the first method, the next method is attempted, and so on, until all of the methods have been attempted.
For RADIUS/TACACS+, fallback only when servers are unavailable.	Specifies that the SteelHead falls back to a RADIUS or TACACS+ server only when all other servers do not respond. This is the default setting. When this feature is disabled, the SteelHead does not fall back to the RADIUS or TACACS+ servers. If it exhausts the other servers and does not get a response, it returns a server failure.
Authorization Policy	Appears only for some Authentication Methods. Optionally, select one of these policies from the drop-down list: • Remote First - Check the remote server first for an authentication policy, and only check locally if the remote server does not have one set. This is the default behavior. • Remote Only - Only checks the remote server. • Local Only - Only checks the local server. All remote users are mapped to the user specified. Any vendor attributes received by an authentication server are ignored.