Troubleshooting guide

ManualsBrandsCisco ManualsComputer equipmentWide Area Virtualization Engine 274

231

232

233

234

235

236

237

238

239

240

1-29

Cisco Wide Area Application Services Configuration Guide

OL-26579-01

Chapter 1 Configuring Administrative Login Authentication, Authorization, and Accounting

Configuring Administrative Login Authentication and Authorization

c. From the Tertiary Login Method drop-down list, choose local, TACACS+, RADIUS, or

WINDOWS. This option specifies the method that the chosen device (or the device group) should

use for administrative login authentication if both the primary and the secondary methods fail.

d. From the Quaternary Login Method drop-down list, choose local, TACACS+, RADIUS, or

WINDOWS. This option specifies the method that the chosen device (or device group) should use

for administrative login authentication if the primary, secondary, and tertiary methods all fail.

Note We strongly recommend that you specify the local method as the last method in your prioritized

list of login authentication and authorization methods. By adhering to this practice, the WAAS

administrator will be able to still log in to a WAAS device (or the devices in the device groups)

through the local authentication and authorization method if the specified external third-party

servers (TACACS+, RADIUS, or Windows domain servers) are not reachable.

Step 6 Check the Authorization Methods check box to enable authorization privileges using the local,

TACACS+, RADIUS, or WINDOWS databases.

Note Authorization privileges apply to console and Telnet connection attempts, secure FTP (SFTP)

sessions, and Secure Shell (SSH, Version 1 and Version 2) sessions.

Step 7 Specify the order of the login authorization (configuration) methods that the chosen device (or the device

group) should use:

Note We strongly recommend that you set the administrative login authentication and authorization

methods in the same order. For example, configure the WAAS device (or device group) to use

RADIUS as the primary login method, TACACS+ as the secondary login method, Windows as

the tertiary method, and the local method as the quaternary method for both administrative login

authentication and authorization.

a. From the Primary Configuration Method drop-down list, choose local, TACACS+, RADIUS, or

WINDOWS. This option specifies the first method that the chosen device (or the device group)

should use to determine authorization privileges.

Note If you have checked the Failover to next available authentication method check box

(Step 3), make sure that you choose TACACS+ or RADIUS from the Primary Configuration

Method drop-down list to configure either the TACACS+ or RADIUS method as the primary

scheme for authorization (configuration).

b. From the Secondary Configuration Method drop-down list, choose local, TACACS+, RADIUS, or

WINDOWS. This option specifies the method that the chosen device (or the device group) should

use to determine authorization privileges if the primary method fails.

Note If you have checked the Failover to next available authentication method check box

(Step 3), make sure that you choose local from the Secondary Configuration Method

drop-down list to configure the local method as the secondary scheme for authorization

(configuration).