From time to time, we hear requests for information about how to use NCM in tandem with RADIUS and/or TACACS for device authentication, that is:
NCM -----> Device -----> RADIUS/TACACS Server.
The key lies in changing how NCM authenticates the user against the device. Typically, NCM is set up to authenticate using a set of credentials for each device. If you want to use the same credentials to log in to all devices, you can do this by going to File > Settings > Global Macro Settings > Login Information and choose the option to enable global login settings on all devices. You also have the option to set this up during installation.
However, if you want to use an external authentication server - you'll want to configure user-level device credentials:
1. Go to File->Settings->Device Connectivity Method and select the option to manage devices using individual set of credentials:
By changing this option as shown, NCM provides user-level device log in credentials for each NCM user. Also, there is special logic in our SSH/Telnet communication component to handle the RADIUS authentication prompt since devices connected to the RADIUS server may have a slightly different log in flow.
2. Next, go to File->Change My Device Login Credentials and specify user level credentials:
3. On device- level control, specify which credentials will be used to login on device (device-level or user-level):
And that's that. The device itself will authenticate the credentials against the RADIUS server - and use the permissions with the associated account.