User Guide
OmniAccess SafeGuard OS Administration Guide
261
Chapter 6: Configuring Authentication and Role Derivation
Configuring Remote Authentication
In addition to local authentication, SafeGuard OS also supports authentication by
RADIUS servers.
To configure a RADIUS server, use the following checklist:
1 Configure the RADIUS servers on the SafeGuard device by using the aaa radius-
server command described in Configuring RADIUS Servers on page 252.
2 Create an authentication login list that uses RADIUS as the authentication
method. The commands for creating and displaying the configuration are
described in Adding or Deleting a User from the Local Authentication Database on
page 258 and Displaying the Local Authentication Database on page 259.
3 Assign the list to the
defaultLogin user to ensure that any non-configured users
who attempt to login to the management port are authenticated against the
RADIUS server. See Assigning a Login List to the Default Login User on page 44 for
further details.
4 Verify that your RADIUS list is assigned to the
defaultLogin list using the show
running-config command. This command is described in Displaying Configuration
Information on page 114.
5 Configure users on the RADIUS server to have administrative access.
IEEE 802.1x Authentication
This section describes how to configure IEEE 802.1x, port-based authentication, on the
SafeGuard Switch. The IEEE 802.1x is a standard for network access control that covers
both wired and wireless network authentication for hosts or supplicants. Under 802.1x,
the network port remains disconnected until the host completes authentication.
There are three components to an 802.1x implementation:
Session Type The type of connection the user is using. The session type
can either be telnet or serial.
NOTE: IEEE 802.1x authentication applies to SafeGuard Switches, and does
not apply to SafeGuard Controllers.
Field Description