The CMP system supports RADIUS Authentication and Accounting. You can configure the CMP system to operate in a network environment including multiple authentication servers, one authentication server, or no servers.
If both primary and secondary authentication servers are defined, the authentication process is as follows:
- The CMP system contacts the primary RADIUS server.
If it responds with Accept or Reject, that action is followed.
- If the primary server does not respond within a specified number of retries or before a timeout value, the CMP system contacts the secondary RADIUS server (if defined).
If it responds with Accept or Reject, that action is followed.
- If the secondary server does not respond, the CMP system authenticates against its local database (if enabled).
- If local authentication is not enabled, authentication fails.
- Theadmin user is always authenticated locally, regardless of configuration settings.
This process provides a fail-safe mechanism for accessing the CMP system even in the face of misconfiguration or network problems that cause the RADIUS servers to become inaccessible.