The Access Control Page
To gain access to the Access Control Page, complete the following:
Server Ordering for RADIUS and TACACS Servers
Server ordering allows you to prioritize RADIUS and TACACS+ servers and specify the order that CloudVision should follow when attempting login authentication.
Ordering Servers
To order RADIUS and TACACS+ servers:
- Go to Settings and Tools>Access Control and select either RADIUS or TACACS.
Figure 4. Access Control
- Click Add Server to launch a modal.
- Enter details for the relevant server including a priority value.
Figure 5. Add RADIUS Server
A valid priority value is between 1 and 100. The highest priority level is 0 and the lowest is 100. Only servers that were added to Access Control prior to the introduction of server ordering will be assigned a priority of 0. The priority of these servers can easily be changed by using the increase priority and decrease priority actions, or by editing the server.
The values listed next to the server IP address in the priority list correspond to the user-configured priority values.
Figure 6. Server Priority
Note: Multiple servers can share the same priority. Servers with the same priority level will be selected at random for login authorization.
- Use the actions next to a listed server IP address to rearrange the priority of a server, to edit, or delete it.
Dead Time Duration Setting
With the Server Dead Time Duration setting for RADIUS and TACACS+ servers, you can configure how long a server will be considered dead for the purposes of AAA authentication. Previously, CloudVision attempted authentication with live servers first, then dead servers. An unreachable server was marked as dead and remained so until the next successful authentication call with the server. Now, once servers are ordered, you can use the Dead Time Duration setting to skip an unreachable server only until its dead timer expires.
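The following Python sketch is an added example, not CloudVision code. It models the behaviour described in the server ordering and dead time sections: lowest priority number first, random choice among equal priorities, and an unreachable server skipped until its dead timer expires. The server addresses, the 180-second dead time, and the choice to return no server when every server is dead are assumptions made for the illustration.

```python
import random
from dataclasses import dataclass

@dataclass
class Server:
    ip: str
    priority: int            # 0 = highest (pre-ordering servers), 100 = lowest
    dead_until: float = 0.0  # time (s) at which the dead timer expires

class AAAPool:
    """Model of the documented behaviour; not CloudVision's implementation."""

    def __init__(self, servers, dead_time_s, seed=None):
        self.servers = list(servers)
        self.dead_time_s = dead_time_s   # global setting for all servers
        self.rng = random.Random(seed)

    def attempt_order(self, now):
        # Skip servers whose dead timer is still running.
        live = [s for s in self.servers if s.dead_until <= now]
        # Lowest number first; a random key breaks ties within a priority.
        return sorted(live, key=lambda s: (s.priority, self.rng.random()))

    def authenticate(self, now, reachable):
        """Return (ip of the server that answered or None, list of IPs tried)."""
        tried = []
        for s in self.attempt_order(now):
            tried.append(s.ip)
            if s.ip in reachable:
                return s.ip, tried
            s.dead_until = now + self.dead_time_s  # unreachable: mark dead
        return None, tried  # assumption: no fallback to dead servers

def demo():
    # Constructed sample servers (documentation address range).
    pool = AAAPool([Server("192.0.2.10", 0), Server("192.0.2.20", 10),
                    Server("192.0.2.21", 10), Server("192.0.2.30", 50)],
                   dead_time_s=180, seed=7)
    up = {"192.0.2.20", "192.0.2.21", "192.0.2.30"}  # .10 is unreachable
    return [pool.authenticate(t, up) for t in (0, 60, 180)]

if __name__ == "__main__":
    for t, (ip, tried) in zip((0, 60, 180), demo()):
        print(f"t={t:>3}s answered={ip} tried={tried}")
```

In the model, the unreachable priority-0 server is tried first at t=0, skipped at t=60, and tried again at t=180 once its timer has expired.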
Setting Dead Time Duration
To set Server Dead Time Duration, visit Settings>Access Control and select either RADIUS or TACACS+ authentication.
![](/assets/images/user-manual/cg-cv/Graphics/Authentication%20and%20Authorization%20CVP/Radius%20authintication.png)
Make sure that servers are prioritized. Then select the appropriate dead time duration from the dropdown. This is a global setting for all AAA servers.
![](/assets/images/user-manual/cg-cv/Graphics/Authentication%20and%20Authorization%20CVP/Set%20Server%20Deadtime%20Duration.png)
Username Inclusion in the TACACS+ Authentication Start Packet
Previously, CloudVision did not send the username in the start packet for authentication via TACACS+ servers. You can now toggle the Send Username setting on or off to decide whether to include the username in the initial packet.
Enabling Username Inclusion
- Go to Settings>Access Control and select TACACS authentication.
Figure 9. Select TACACS
- Select either Yes or No as appropriate, then click Save.