NSG 9000-6G - Harmonic Inc
NSG 9000-6G - Harmonic Inc
NSG 9000-6G - Harmonic Inc
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Chapter 3 Configuring Platform Parameters<br />
Device Authentication<br />
3.9 Device Authentication<br />
<strong>NSG</strong> <strong>9000</strong> may use a Remote Authentication Dial In User Service (RADIUS) server to<br />
authenticate and authorize users who are trying to log into the <strong>NSG</strong> <strong>9000</strong>.<br />
To enable the RADIUS authentication, the following should apply:<br />
• Connection to a RADIUS server - <strong>NSG</strong> is defined as a client of the RADIUS server<br />
• <strong>NSG</strong> <strong>9000</strong> is configured to work in Remote mode<br />
• The RADIUS server database should include three types of authorized <strong>NSG</strong> users. Any<br />
user defined in the RADIUS server must belong to one of these groups:<br />
<br />
<br />
<br />
Admin<br />
Config<br />
Guest<br />
The following table lists the permissions of each group of users:<br />
Table 3-3: <strong>NSG</strong> <strong>9000</strong> Permission per Users<br />
User<br />
Device<br />
Configuration<br />
Change IP<br />
Tables<br />
Password of<br />
Local Users<br />
Upgrade<br />
Authentication<br />
Mode<br />
Monitoring<br />
admin Yes Yes Yes Yes Yes Yes<br />
config Yes No No No No Yes<br />
guest No No No No No Yes<br />
Once a user is trying to log into the <strong>NSG</strong> <strong>9000</strong> either via HTTP/HTTPS or SSH, <strong>NSG</strong> <strong>9000</strong><br />
challenges the RADIUS server. Once the user is authenticated and authorized, the user can<br />
log into the device.<br />
Upon a communication problem with the RADIUS server, while performing authentication,<br />
the <strong>NSG</strong> automatically switches to a local authentication method. However, once the problem<br />
is fixed, remote authentication is performed as long as Remote is the configured<br />
authentication mode.<br />
When working in Remote mode, local users cannot login.<br />
<br />
To configure RADIUS Mode<br />
1. Open the web client of the device.<br />
2. Select Platform > Chassis > Authentication tab:<br />
3. Open the Authentication Type list and select either of the following:<br />
<br />
<br />
Local - authentication and authorization is performed locally, against the database of<br />
the <strong>NSG</strong> <strong>9000</strong>-<strong>6G</strong><br />
Remote-RADIUS - authentication and authorization is performed by the RADIUS<br />
server. When selected, move to the following step to configure the required<br />
parameters.<br />
© 2012 <strong>Harmonic</strong> <strong>Inc</strong>. 34 <strong>NSG</strong> <strong>9000</strong>-<strong>6G</strong>, Version 2.7, Rev B