Security | 787
To get enable authentication from the RADIUS server, and use TACACS as a backup, issue the following commands:
FTOS(config)# aaa authentication enable default radius tacacs
The RADIUS and TACACS servers have to be properly set up for this:
FTOS(config)# radius-server host x.x.x.x key <some-password>
FTOS(config)# tacacs-server host x.x.x.x key <some-password>

To use local authentication for the enable secret on the console, while using remote authentication on VTY lines, perform the following steps:
FTOS(config)# aaa authentication enable mymethodlist radius tacacs
FTOS(config)# line vty 0 9
FTOS(config-line-vty)# enable authentication mymethodlist

Server-side configuration
TACACS+: When using TACACS+, Dell Force10 sends an initial packet with service type SVC_ENABLE, and then a second packet with just the password. The TACACS server must have an entry for the username $enable$.
RADIUS: When using RADIUS authentication, FTOS sends an authentication packet with the following:
Username: $enab15$
Password: <password-entered-by-user>
Therefore, the RADIUS server must have an entry for this username.

AAA Authorization
FTOS enables AAA new-model by default. You can set authorization to be either local or remote. Different combinations of authentication and authorization yield different results. By default, FTOS sets both to local.

Privilege Levels Overview
Limiting access to the system is one method of protecting the system and your network. However, at times you might need to allow others access to the router, and you can limit that access to a subset of commands. In FTOS, you can configure a privilege level for users who need limited access to the system.
Every command in FTOS is assigned a privilege level of 0, 1 or 15. You can configure up to 16 privilege levels in FTOS. FTOS is pre-configured with 3 privilege levels and you can configure 13 more. The three pre-configured levels are:
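The RADIUS exchange described under Server-side configuration above, as an added Python example (not FTOS code and not from Dell's documentation): it builds the Access-Request carrying User-Name $enab15$ with the User-Password attribute obfuscated as RFC 2865 specifies, then shows what the RADIUS server recovers, which is how an $enab15$ entry gets matched and why a mismatched shared secret makes every enable attempt fail. The shared secret and enable password are constructed sample values.

```python
import hashlib
import os
import struct

ACCESS_REQUEST, ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 1, 2

def encode_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to a 16-byte multiple, then XOR each block with
    MD5(secret + previous block); the first block uses the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(x ^ y for x, y in zip(padded[i:i + 16], mask))
        out += prev
    return out

def decode_password(hidden, secret, authenticator):
    """Server side: same keystream, XORed back; zero padding stripped."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(identifier, username, password, secret, authenticator):
    """Code 1 header, 16-byte Request Authenticator, User-Name(1), User-Password(2)."""
    hidden = encode_password(password, secret, authenticator)
    attrs = bytes([ATTR_USER_NAME, 2 + len(username)]) + username
    attrs += bytes([ATTR_USER_PASSWORD, 2 + len(hidden)]) + hidden
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs

def server_view(packet, secret):
    """Parse the request as the RADIUS server does: returns (username, password)."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    authenticator, attrs, pos = packet[4:20], {}, 20
    while pos < length:
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    name = attrs[ATTR_USER_NAME].decode()
    return name, decode_password(attrs[ATTR_USER_PASSWORD], secret, authenticator)

# Constructed sample values (not from the page): switch-side shared secret and enable password.
SECRET, ENABLE_PASSWORD = b"example-shared-secret", b"Enable-Pass-123"

def demo(secret_on_server=SECRET):
    # The switch sends $enab15$ plus the typed enable password; the server decodes it.
    pkt = build_access_request(7, b"$enab15$", ENABLE_PASSWORD, SECRET, os.urandom(16))
    return server_view(pkt, secret_on_server)
```

Calling demo() with the matching secret returns the $enab15$ username and the cleartext enable password the server compares against its entry; demo(b"wrong-key") shows that a shared-secret mismatch between switch and server yields garbage, so enable authentication fails even when the user entry is correct.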