Filter
Top Products
1174 PowerConnect B-Series FCX Configuration Guide
53-1002266-01
Configuring TACACS/TACACS+ security
32
The command above causes TACACS/TACACS+ to be the primary authentication method for
securing access to Privileged EXEC level and CONFIG levels of the CLI. If TACACS/TACACS+
authentication fails due to an error with the server, local authentication is used instead. If local
authentication fails, no authentication is used; the device automatically permits access.
Syntax: [no] aaa authentication enable | login default <method1> [<method2>] [<method3>]
[<method4>] [<method5>] [<method6>] [<method7>]
The web-server | enable | login parameter specifies the type of access this authentication-method
list controls. You can configure one authentication-method list for each type of access.
NOTE
If you configure authentication for Web management access, authentication is performed each time
a page is requested from the server. When frames are enabled on the Web Management Interface,
the browser sends an HTTP request for each frame. The Dell PowerConnect device authenticates
each HTTP request from the browser. To limit authentications to one per page, disable frames on the
Web Management Interface.
The <method1> parameter specifies the primary authentication method. The remaining optional
<method> parameters specify additional methods to try if an error occurs with the primary method.
A method can be one of the values listed in the Method Parameter column in the following table.
NOTE
For examples of how to define authentication-method lists for types of authentication other than
TACACS/TACACS+, refer to “Configuring authentication-method lists” on page 1198.
Entering privileged EXEC mode after a Telnet or SSH login
By default, a user enters User EXEC mode after a successful login through Telnet or SSH.
Optionally, you can configure the device so that a user enters Privileged EXEC mode after a Telnet
or SSH login. To do this, use the following command.
TABLE 201 Authentication method values
Method parameter Description
line Authenticate using the password you configured for Telnet access. The Telnet password is
configured using the enable telnet password… command. Refer to “Setting a Telnet
password” on page 1149.
enable Authenticate using the password you configured for the Super User privilege level. This
password is configured using the enable super-user-password… command. Refer to “Setting
passwords for management privilege levels” on page 1150.
local Authenticate using a local user name and password you configured on the device. Local user
names and passwords are configured using the username… command. Refer to
“Configuring a local user account” on page 1158.
tacacs Authenticate using the database on a TACACS server. You also must identify the server to the
device using the tacacs-server command.
tacacs+ Authenticate using the database on a TACACS+ server. You also must identify the server to
the device using the tacacs-server command.
radius Authenticate using the database on a RADIUS server. You also must identify the server to the
device using the radius-server command.
none Do not use any authentication method. The device automatically permits access.