1. ACLI Reference Guide
  2. ACLI Configuration Elements A-M
  3. authentication

authentication

The authentication configuration element is used for configuring an authentication profile.

Parameters

source-port
Enter the port number on the Oracle Communications Session Border Controller to send messages to the RADIUS server
  • Default: 1812
  • Values: 1645 | 1812
type
Enter the type of user authentication
  • Default: local
  • Values: local | radius| tacacs
protocol
Select the protocol type to use with your RADIUS server(s)
  • Default: pap
  • Values: pap | chap | mschapv2 | ascii | IKEv2-IPsec
tacacs-authentication-only
When enabled, restricts remote login to TACACS+ when available.
  • Default: disabled
  • Values: enabled | disabled
tacacs-authorization
Enable or disable command-based authorization of admin users for TACACS.
  • Default: enabled
  • Values: enabled | disabled
tacacs-accounting
Enable or disable accounting of admin ACLI operations.
  • Default: enabled
  • Values: enabled | disabled
server-assigned-privilege
Enables a proprietary TACACS+ variant that, after successful user authentication, adds an additional TACACS+ request/reply exchange.
  • Default: disabled
  • Values: enabled | disabled
allow-local-authorization
Enable this parameter if you want the Oracle Communications Session Border Controller to authorize users to enter Super (administrative) mode locally even when your RADIUS server does not return the ACME_USER_CLASS VSA or the Cisco-AVPair VSA.
  • Default: disabled
  • Values: enabled | disabled
login-as-admin
Enable this parameter if you want users to be logged automatically in Superuser (administrative) mode.
  • Default: disabled
  • Values: enabled | disabled
management-strategy
Enter the management strategy used to distribute authentication requests.
  • Default: hunt
  • Values: round-robin | hunt
ike-radius-params-name
Enter the auth-params instance to be assigned to this element.
  • Default: None
  • Values: Name of an existing auth-params configuration element
management-servers
Enter a list of servers used for management requests
radius-servers
Enter the radius-servers subelement
tacacs-server
Enter the tacacs-servers subelement
authentication-over-ipsec
Enable or disable authentication over IPSec.

When this parameter is enabled and security, authentication, type is set to radius and you have a security, authentication, management-servers list configured, the OCSBC checks that the addresses configured in the management-servers list matches any of the security-policy's remote-ip-address-match and remote-ip-mask subnet. If not, the OCSBC gives a warning with a list of specific radius-server IPs that do not match.

When this parameter is disabled and security, authentication, type is set to radius and you have a security, authentication, management-servers list configured, the OCSBC checks that the addresses configured in the management-servers list matches any of the security-policy's remote-ip-address-match and remote-ip-mask subnet. If there is a match, the OCSBC sends a warning stating that RADIUS messages will be encrypted.

Path

authentication is an element under the security path. The full path from the topmost prompt is: configure terminal , and then security , and then authentication.