Cisco Cisco Web Security Appliance S170 사용자 가이드

Consider the following rules and guidelines when using external authentication:

You can configure up to ten RADIUS servers.

The appliance can communicate with RADIUS directories using either the Password Authentication 
Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP).

You can map all RADIUS users to the Administrator user role type or you can map RADIUS users 
to different Web Security appliance user role types.

If you will also add local users, be sure that local user names do not duplicate 
externally-authenticated user names. 

On the System Administration > Users page, click Enable.

Check the Enable External Authentication option if it is not enabled already.

Enter the hostname for the RADIUS server.

Enter the port number for the RADIUS server. The default port number is 1812.

Enter the Shared Secret password for the RADIUS server.

Enter the number of seconds for the appliance to wait for a response from the server before timing out.

(Optional) Click Add Row to add another RADIUS server. Repeat steps 

 for each RADIUS server.

You can add up to ten RADIUS servers.

Enter the number of seconds AsyncOS stores the external authentication credentials before contacting 
the RADIUS server again to re-authenticate in the “External Authentication Cache Timeout” field. 
Default is zero (0).

If the RADIUS server uses one-time passwords, for example passwords created from a token, 
enter zero (0). When the value is set to zero, AsyncOS does not contact the RADIUS server again 
to authenticate during the current session.