Cisco SCE 2000 and SCE 1000 Software Configuration Guide
OL-7827-12
Chapter 5 Configuring the Management Interface and Security
Configuring the Available Interfaces
As with login authentication, if the server is unavailable, the next authentication method is attempted, as explained in General AAA Fallback and Recovery Mechanism, page 5-14.
General AAA Fallback and Recovery Mechanism
The SCE platform uses a fall-back mechanism to maintain service availability in case of an error.
The AAA methods available are:
• – AAA is performed by the use of a server, allows authentication, authorization and accounting.
• Local – AAA is performed by the use of a local database, allows authentication and authorization.
• Enable – AAA is performed by the use of user configured passwords, allows authentication and authorization.
• None – no authentication/authorization/accounting is performed.
In the current implementation the order of the methods used isn't configurable, but the customer can choose which of the methods are used. The current order is:
•
• Local
• Enable
• None
Note
Important: If the server goes to AAA fault, the SCE platform will not be accessible until one of the AAA methods is restored. To prevent this, it is advisable to use the "none" method as the last AAA method. If the SCE platform becomes inaccessible, the shell function "AAA_MethodsReset" will allow the user to delete the current AAA method settings and set the AAA method used to "Enable".
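The fallback chain and the lockout condition described in the Note above, modelled as an added example (it is not part of the Cisco guide and is not SCE platform code). It assumes that only an unavailable method falls through to the next one and that a rejection is final; `server` is a placeholder for the server-based method, and the function names are hypothetical.

```python
# Added example: models the fixed-order AAA fallback; not SCE platform code.
# "server" is a placeholder name for the server-based method.
ORDER = ("server", "local", "enable", "none")  # fixed order stated in the guide
ACCEPT, REJECT, ERROR = "accept", "reject", "error"


def authenticate(enabled, outcome):
    """Try each enabled method in the fixed order.

    outcome maps a method to ACCEPT, REJECT or ERROR (method unavailable);
    a method missing from outcome counts as ERROR.
    Assumption: only ERROR falls through; a REJECT ends the attempt.
    Returns (granted, deciding_method, trail).
    """
    unknown = set(enabled) - set(ORDER)
    if unknown:
        raise ValueError(f"unknown AAA method(s): {sorted(unknown)}")
    trail = []
    for method in ORDER:
        if method not in enabled:
            continue
        # "none" performs no check at all, so it always grants access.
        result = ACCEPT if method == "none" else outcome.get(method, ERROR)
        trail.append((method, result))
        if result != ERROR:
            return result == ACCEPT, method, trail
    return False, None, trail  # every enabled method is in fault


def audit(enabled):
    """Report what happens when every enabled checking method is in fault."""
    granted, _, trail = authenticate(enabled, {})
    tried = " -> ".join(m for m, _ in trail)
    if granted:
        return f"{tried}: access granted with no credential check"
    return f"{tried}: platform inaccessible until a method is restored"


if __name__ == "__main__":
    # Constructed selections of methods, for illustration only.
    for chosen in ({"server"}, {"server", "local"}, {"server", "local", "none"}):
        print(sorted(chosen), "|", audit(chosen))
    # Server down, local database rejects the password: no fall-through to "none".
    print(authenticate({"server", "local", "none"}, {"local": REJECT}))
```

The audit makes the trade-off in the Note explicit: ending the chain with "none" avoids the lockout, and it also means that a fault in every earlier method results in access with no credential check.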
About Configuring
The following is a summary of the procedure for configuring . All steps are explained in detail
in the remainder of this section.
1. Configure the remote servers.
Configure the remote servers for the protocols. Keep in mind the following guidelines:
– Configure the encryption key that the server and client will use.
– The maximum user privilege level and enable password (the password used when executing the enable command) should be provided.
– The configuration should always include the root user, giving it the privilege level of 15.
– Viewer (privilege level 5) and superuser (privilege level 10) user IDs should also be established at this time.