DGS-1210/ME Metro Ethernet Switch CLI Reference Guide
441
The sequence of methods implemented in this command affects the
authentication result. For example, if a user enters a sequence of
methods like tacacs+ – radius – local_enable, the Switch sends an
authentication request to the first TACACS+ host in the server
group. If no verification is found, the Switch sends an authentication
request to the second TACACS+ host in the server group and so on,
until the list is exhausted. At that point, the Switch restarts the same
sequence with the following protocol listed, radius. If no
authentication takes place using the radius list, the local_enable
password set in the Switch is used to authenticate the user.
Successful authentication using any of these methods gives the user
an ‘Admin’ level privilege.
Parameters
default – The default method list for adminstration rights
authentication, as defined by the user. The user may choose one or
more of the following authentication methods:
• tacacs+ – Specifies that the user is to be authenticated
using the TACACS+ protocol from the remote TACACS+
server hosts of the TACACS+ server group list.
• radius – Specifies that the user is to be authenticated using
the RADIUS protocol from the remote RADIUS server hosts
of the RADIUS server group list.
• local - Specifies that the user is to be authenticated using
the local user account database on the Switch.
• server_group <string 15> – Specifies the server group name
for authentication.
• none – Specifies that no authentication is required to access
the Switch.
method_list_name <string 15> – Specifies a previously created
authen_enable method_list_name. The user may add one or more
of the following authentication methods to this method list:
• tacacs+ – Specifies that the user is to be authenticated
using the TACACS+ protocol from a remote TACACS+
server.
• radius - Specifies that the user is to be authenticated using
the RADIUS protocol from a remote RADIUS server.
• local - Specifies that the user is to be authenticated using
the local user account database on the Switch. The local
enable password of the device can be configured using the
‘config admin local_password’ command.
• server_group <string 15> –Specifies that the user is to be
authenticated using the server group account database on
the Switch.
• none – Specifies that no authentication is required to access
the Switch.
Restrictions Only Administrator-level users can issue this command.
Example usage:
To configure the user defined method list ‘Permit’ with authentication methods TACACS+, RADIUS and
local_enable, in that order.
To Next Page
Loading...
