The Command Center server supports a unified system of authentication, authorization, and accounting (AAA) protocols, including RADIUS, LDAP, and TACACS, in addition to supporting local servers for authenticating local users and groups. The unified support provides a common interface to authenticate and authorize all of the local and external AAA clients who are accessing the system. Command Center can authenticate users regardless of the actual protocols they use to communicate with the system.
Cascading external authentication servers provides a continuous non-failing process for authenticating external users. If authentication fails on the first authentication server, the Command Center server attempts to authenticate the user by using the second external authentication server, and so on. If you Enable fallback local authentication, then the authentication will fallback to local Command Center authentication server if all external authentication fails.
To enable cascading authentication, you need to add the external authentication servers to Command Center. You can add any type of the supported external authentication servers (RADIUS, LDAP, and TACACS). For example, if you want to add four external authentication servers for cascading authentication, you can add two RADIUS servers, one LDAP server, and one TACACS server, or all servers can be of RADIUS type. You can configure up to 32 external authentication servers in Command Center.
You can add any number of external authentication profiles in Command Center by navigating to Authentication > LDAP/RADIUS/TACACS.
To configure cascading external authentication servers
1. In Command Center, navigate to Administration> Authentication. In the right pane, click Authentication Settings.
2. On the Configure Authentication Settings page, select EXTERNAL from the Authentication Server drop-down list (only external servers can be cascaded).
3. Move the available external servers from the Available table to the Configured table to add them to your instance group. You can specify the order of authentication by using the arrow keys icon in the configured table to move the server up or down the configured list.
4. You can choose to use local authentication server in case external authentication fails by selecting the Enable fallback local authentication checkbox.
5. Click OK.