RADIUS Authentication on Steelhead Appliance
Posted on Aug 4, 2008 at 3:00 PM by Dophi
The CMC (Central Management Console) has the top priority to control all Steelhead Appliances in a domain. But in a special case, I would like to let some Steelhead Appliances escape from the control of the CMC due to a customer's requirement. As far as I know, the CMC can control all Steelhead Appliances and even change the password without any confirmation procedure. I don't know how the CMC does it, but I got an idea to prevent password control from a CMC. Does this solution work? I will know the result next week.
Steelhead Appliance provides RADIUS and TACACS+ authentication for administrator and "monitor" account login. This is a very simple function that doesn't require any attribute sent from the authentication server. All I have to do on the RADIUS server is create a Caller ID set to the IP address of the primary interface of the Steelhead Appliance, along with a shared secret. In this lab, I use Windows 2003 as the RADIUS server and Steelhead Appliance version 5.0.2d.
1. RADIUS Setting
GUI: Configure > Security > RADIUS. Add a new RADIUS server and enter only the shared secret key and the IP address of the RADIUS server. At this step, I choose Global Default Key because I always define the same key on my server.
CLI:
amnesiac (config) # radius-server key 7 12345
(The "7" before the key string means encrypted.)
amnesiac (config) # radius-server host 192.168.10.10
2. Authentication Methods: I choose "RADIUS only" to prevent CMC login.
GUI: Configure > Security > General Security Settings
CLI:
amnesiac (config) # aaa authentication login default radius
I hope this way can help the customer and will update it when I have any news.