EasyManua.ls Logo

Dell S3048-ON - Page 701

Dell S3048-ON
1036 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
The following example shows enabling local authentication for console and remote authentication for the VTY lines.
Dell(config)# aaa authentication enable mymethodlist radius tacacs
Dell(config)# line vty 0 9
Dell(config-line-vty)# enable authentication mymethodlist
Server-Side Conguration
Using AAA authentication, the switch acts as a RADIUS or TACACS+ client to send authentication requests to a TACACS+ or RADIUS
server.
TACACS+ — When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then sends a second
packet with just the password. The TACACS server must have an entry for username $enable$.
RADIUS — When using RADIUS authentication, the Dell OS sends an authentication packet with the following:
Username: $enab15$
Password: <password-entered-by-user>
Therefore, the RADIUS server must have an entry for this username.
Conguring Re-Authentication
Starting from Dell Networking OS 9.11(0.0), the system enables re-authentication of user whenever there is a change in the authenticators.
The change in authentication happens when:
Add or remove an authentication server (RADIUS/TACACS+)
Modify an AAA authentication/authorization list
Change to role-only (RBAC) mode
The re-authentication is also applicable for authenticated 802.1x devices. When there is a change in the authetication servers, the
supplicants connected to all the ports are forced to re-authenticate.
1 Enable the re-authentication mode.
CONFIGURATION mode
aaa reauthentication enable
2 You are prompted to force the users to re-authenticate while adding or removing a RADIUS/TACACS+ server.
CONFIGURATION mode
aaa authentication login method-list-name
Example:
Dell(config)#aaa authentication login vty_auth_list radius
Force all logged-in users to re-authenticate (y/n)?
3 You are prompted to force the users to re-authenticate whenever there is a change in the RADIUS server list..
CONFIGURATION mode
radius-server host IP Address
Example:
Dell(config)#radius-server host 192.100.0.12
Force all logged-in users to re-authenticate (y/n)?
Dell(config)#no radius-server host 192.100.0.12
Force all logged-in users to re-authenticate (y/n)?
Security
701

Table of Contents

Related product manuals