Cisco Cisco Firepower Management Center 4000
48-32
FireSIGHT System User Guide
Chapter 48 Managing Users
Managing Authentication Objects
Step 4
Select RADIUS from the Authentication Method drop-down list.
RADIUS configuration options appear.
Step 5
Type a name and description for the authentication server in the Name and Description fields.
Step 6
Type the IP address or host name for the primary RADIUS server where you want to obtain authentication data in the Primary Server Host Name/IP Address field.
Note
IPv6 addresses are not supported for shell authentication. To allow shell authentication when using an IPv6 address for your primary RADIUS server, set up an authentication object using an IPv4 address for the server and use that IPv4 object as the first authentication object in your system policy.
Step 7
Optionally, modify the port used by the primary RADIUS authentication server in the Primary Server Port field.
Note
If your authentication port and accounting port numbers are not sequential, leave this field blank. The system then determines RADIUS port numbers from the radius and radacct data in your appliance’s /etc/services file.
Step 8
Type the secret key for the primary RADIUS authentication server in the RADIUS Secret Key field.
Step 9
Type the IP address or host name for the backup RADIUS authentication server where you want to obtain authentication data in the Backup Server Host Name/IP Address field.
Step 10
Optionally, modify the port used by the backup RADIUS authentication server in the Backup Server Port field.
Note
If your authentication port and accounting port numbers are not sequential, leave this field blank. The system then determines RADIUS port numbers from the radius and radacct data in your appliance’s /etc/services file.
Step 11
Type the secret key for the backup RADIUS authentication server in the RADIUS Secret Key field.
Step 12
Type the number of seconds that should elapse before retrying the connection in the Timeout field.
Step 13
Type the number of times the primary server connection should be tried before rolling over to the backup connection in the Retries field.
Step 14
Continue with
.
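The port notes in Steps 7 and 10 can be checked before the object is saved. The following Python sketch is an added example, not part of the Cisco guide: it parses text in /etc/services format for the radius and radacct entries and reports whether the Server Port field should be filled in or left blank. The function names, the sample file content, and the reading of "sequential" as accounting port = authentication port + 1 are assumptions.

```python
import re

# Constructed sample in /etc/services format (not copied from an appliance).
SAMPLE_SERVICES = """\
# service-name  port/protocol  [aliases]
radius          1812/tcp
radius          1812/udp
radacct         1813/tcp       radius-acct
radacct         1813/udp       radius-acct   # accounting
"""

def radius_ports(services_text, proto="udp"):
    """Return the radius/radacct ports listed for one protocol (RADIUS runs over UDP)."""
    found = {}
    for line in services_text.splitlines():
        fields = line.split("#", 1)[0].split()   # strip comments, split columns
        if len(fields) < 2:
            continue
        m = re.fullmatch(r"(\d+)/(\w+)", fields[1])
        if m and m.group(2) == proto and fields[0] in ("radius", "radacct"):
            found.setdefault(fields[0], int(m.group(1)))  # first entry wins
    return found

def port_field_advice(server_auth_port, server_acct_port, services_text):
    """Hypothetical helper: decide how to fill the Primary/Backup Server Port field."""
    # Assumption: "sequential" means accounting port == authentication port + 1.
    if server_acct_port == server_auth_port + 1:
        return ("set", f"type {server_auth_port} in the Server Port field")
    resolved = radius_ports(services_text)
    expected = {"radius": server_auth_port, "radacct": server_acct_port}
    if resolved == expected:
        return ("blank", "leave the field blank; /etc/services matches the server")
    return ("mismatch",
            f"field must stay blank, but /etc/services resolves {resolved} "
            f"while the server uses {expected}")

if __name__ == "__main__":
    print(radius_ports(SAMPLE_SERVICES))
    print(port_field_advice(1812, 1813, SAMPLE_SERVICES))   # sequential ports
    print(port_field_advice(1812, 1646, SAMPLE_SERVICES))   # non-sequential ports
```

A "mismatch" result means a blank field would send requests to ports the RADIUS server is not listening on, which shows up as login timeouts rather than rejected credentials.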
Configuring RADIUS User Roles
License: Any
You can specify the access roles for existing users on your RADIUS server by listing the user names for each of the access roles used by your FireSIGHT System. When you do so, you can also configure a default access setting for those users detected by RADIUS that are not specified for a particular role.
When a user logs in, the FireSIGHT System checks the RADIUS server and grants access rights depending on the RADIUS configuration: