The default security method for processing authentication requests. The realm allows the protected resources on the associated server to be partitioned into a set of protection spaces, each with its own authentication authorization database. The methods can be:
- Local - Uses the local username or password database for authentication.
- RADIUS - Uses the global pool of RADIUS servers for authentication.
- TACACS+ - Uses the global pool of TACACS+ servers for authentication.
- LDAP - Uses the global pool of LDAP servers for authentication.
- RSA - Uses the global pool of RSA servers for authentication.
- SAML - Uses the SAML server for authentication.
The default realm is Local, but can be changed.
Note: If LDAP, RADIUS, or TACACS+ is specified as the default security method and the associated provider group specified in this dialog is not available to provide authentication during a user login, fallback local authentication is not executed by the APIC server unless is specifically configured to do so.
Log into the Cisco APIC Web Console:
Navigate to 'Admin' -> 'AAA' -> 'Authentication'
In the 'Default Authentication' section ensure 'Realm' is not set to 'Local'
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Cisco_ACI.