Dell FCX624-S Laptop User Manual


  Open as PDF
of 1494
 
1192 PowerConnect B-Series FCX Configuration Guide
53-1002266-01
Configuring RADIUS security
32
Configuring authentication-method lists for RADIUS
You can use RADIUS to authenticate Telnet/SSH access and access to Privileged EXEC level and
CONFIG levels of the CLI. When configuring RADIUS authentication, you create
authentication-method lists specifically for these access methods, specifying RADIUS as the
primary authentication method.
Within the authentication-method list, RADIUS is specified as the primary authentication method
and up to six backup authentication methods are specified as alternates. If RADIUS authentication
fails due to an error, the device tries the backup authentication methods in the order they appear in
the list.
When you configure authentication-method lists for RADIUS, you must create a separate
authentication-method list for Telnet or SSH CLI access and for CLI access to the Privileged EXEC
level and CONFIG levels of the CLI.
To create an authentication-method list that specifies RADIUS as the primary authentication
method for securing Telnet access to the CLI.
PowerConnect(config)#enable telnet authentication
PowerConnect(config)#aaa authentication login default radius local
The commands above cause RADIUS to be the primary authentication method for securing Telnet
access to the CLI. If RADIUS authentication fails due to an error with the server, local authentication
is used instead.
To create an authentication-method list that specifies RADIUS as the primary authentication
method for securing access to Privileged EXEC level and CONFIG levels of the CLI.
PowerConnect(config)#aaa authentication enable default radius local none
The command above causes RADIUS to be the primary authentication method for securing access
to Privileged EXEC level and CONFIG levels of the CLI. If RADIUS authentication fails due to an error
with the server, local authentication is used instead. If local authentication fails, no authentication
is used; the device automatically permits access.
Syntax: [no] aaa authentication enable | login default <method1> [<method2>] [<method3>]
[<method4>] [<method5>] [<method6>] [<method7>]
The web-server | enable | login parameter specifies the type of access this authentication-method
list controls. You can configure one authentication-method list for each type of access.
NOTE
If you configure authentication for Web management access, authentication is performed each time
a page is requested from the server. When frames are enabled on the Web Management Interface,
the browser sends an HTTP request for each frame. The Dell PowerConnect device authenticates
each HTTP request from the browser. To limit authentications to one per page, disable frames on the
Web Management Interface.
The <method1> parameter specifies the primary authentication method. The remaining optional
<method> parameters specify additional methods to try if an error occurs with the primary method.
A method can be one of the values listed in the Method Parameter column in the following table.