Cisco Unity Express Voice-Mail and Auto-Attendant CLI Administrator Guide for 3.0 and Later Versions
OL-14010-09
Chapter 8 Configuring Authentication, Authorization, and Accounting
Configuring the AAA Policy
Authentication Failover
The authentication failover feature enables you to optionally use a remote RADIUS server for user login
authentication in addition to the local database. The procedure in this section configures the order in
which authentication is resolved. You can configure authentication to use:
• Only the local database
• Only the remote server
• The local database first, then the remote server
• The remote server first, then the local database
When using both local and remote authentication, you can also configure whether you want the user
attributes that are retrieved from a remote RADIUS AAA server to be merged with the attributes found
in the local user database for the same username.
Note: The authentication failover feature has the following limitations:
• Authentication with a RADIUS server is available only when accessing the GUI or CLI interface
and requires only a user ID and password. Authentication for the TUI, VVE, AvT, and IMAP
interfaces can use only the local database. Therefore, users of the TUI, VVE, AvT, and IMAP
interfaces must be configured locally in order to gain access. The auto-attendant interface does not
require authentication because it is user independent.
• Login information is not synchronized between the local system and the remote server. Any security
features, such as password expiration, must be configured separately for Cisco Unity Express and
the RADIUS server. Also, Cisco Unity Express users are not prompted when security events, such
as password expiration or account lockout, occur on the RADIUS server, and vice versa.
Unreachable Failover
The unreachable failover is used only with RADIUS servers. This feature enables you to configure up to
two addresses that can be used to access RADIUS servers.
As Cisco Unity Express attempts to authenticate a user with the RADIUS servers, messages are sent to
users to notify them when a RADIUS server:
• Cannot be reached
• Fails to authenticate the user
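The resolution order and two-address failover described above, modeled as an added Python example (not Cisco Unity Express code and not taken from the guide); it also shows what the unsynchronized-login limitation means when the remote server is tried first. Assumptions: the order labels, `radius_stub`, the sample accounts, and the rule that a remote reject falls through to the local database are constructed for illustration.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    UNREACHABLE = "unreachable"

# The four orders the page lists; these labels are hypothetical, not CLI keywords.
ORDERS = {"local": ["local"], "remote": ["remote"],
          "local-remote": ["local", "remote"], "remote-local": ["remote", "local"]}

def radius_stub(accounts, reachable=True):
    """Constructed stand-in for one RADIUS address; sends no network traffic."""
    def check(user, password):
        if not reachable:
            return Result.UNREACHABLE
        ok = user in accounts and accounts[user] == password
        return Result.ACCEPT if ok else Result.REJECT
    return check

def authenticate(order, servers, local_db, user, password):
    """Return (source that accepted or None, trace of every backend tried)."""
    trace = []
    for source in ORDERS[order]:
        if source == "remote":
            # Up to two addresses; the second is tried on no response or on reject.
            for name, check in servers[:2]:
                trace.append((name, check(user, password)))
                if trace[-1][1] is Result.ACCEPT:
                    break
        else:
            ok = user in local_db and local_db[user] == password
            trace.append(("local", Result.ACCEPT if ok else Result.REJECT))
        if trace and trace[-1][1] is Result.ACCEPT:
            return source, trace
        # Assumption: any remote failure falls through to the next source.
    return None, trace

def local_fallback_logins(servers, local_db):
    """Local accounts that still log in after a RADIUS server rejected them."""
    hits = []
    for user, password in local_db.items():
        source, trace = authenticate("remote-local", servers, local_db, user, password)
        if source == "local" and any(r is Result.REJECT for n, r in trace if n != "local"):
            hits.append(user)
    return hits

# Constructed sample data: bob was removed from RADIUS and carol's password was
# changed there, but neither change was repeated in the local database.
RADIUS_ACCOUNTS = {"alice": "A-pass", "carol": "C-new"}
LOCAL_DB = {"bob": "B-pass", "carol": "C-old"}
SERVERS = [("radius-1", radius_stub(RADIUS_ACCOUNTS, reachable=False)),
           ("radius-2", radius_stub(RADIUS_ACCOUNTS))]
```

Running `local_fallback_logins` against an export of local accounts is a quick way to find users who need the same lockout or password change applied on both systems.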
Example
In this example, authentication is performed by the remote server first, then by the local database. Also,
two addresses are configured for the remote RADIUS server.
This is a sequence of events that could occur during authentication for this example:
1. Cisco Unity Express tries to contact the first remote RADIUS server.
2. If the first RADIUS server does not respond or does not accept the authentication credentials of the
user, Cisco Unity Express tries to contact the second remote RADIUS server.