Filter
Top Products
and different users. In Dell Networking OS, AAA uses a list of authentication methods, called method lists,
to define the types of authentication and the sequence in which they are applied. You can define a
method list or use the default method list. User-defined method lists take precedence over the default
method list.
NOTE: If a console user logs in with RADIUS authentication, the privilege level is applied from the
RADIUS server if the privilege level is configured for that user in RADIUS, whether you configure
RADIUS authorization.
NOTE: RADIUS and TACACS servers support VRF-awareness functionality. You can create RADIUS
and TACACS groups and then map multiple servers to a group. The group to which you map
multiple servers is bound to a single VRF.
Configuration Task List for AAA Authentication
The following sections provide the configuration tasks.
• Configure Login Authentication for Terminal Lines
• Configuring AAA Authentication Login Methods
• Enabling AAA Authentication
For a complete list of all commands related to login authentication, refer to the Security chapter in the
Dell Networking OS Command Reference Guide.
Configure Login Authentication for Terminal Lines
You can assign up to five authentication methods to a method list. Dell Networking OS evaluates the
methods in the order in which you enter them in each list.
If the first method list does not respond or returns an error, Dell Networking OS applies the next method
list until the user either passes or fails the authentication. If the user fails a method list, Dell Networking
OS does not apply the next method list.
Configuring AAA Authentication Login Methods
To configure an authentication method and method list, use the following commands.
Dell Networking OS Behavior: If you use a method list on the console port in which RADIUS or TACACS
is the last authentication method, and the server is not reachable, Dell Networking OS allows access even
though the username and password credentials cannot be verified. Only the console port behaves this
way, and does so to ensure that users are not locked out of the system if network-wide issue prevents
access to these servers.
1. Define an authentication method-list (method-list-name) or specify the default.
CONFIGURATION mode
aaa authentication login {method-list-name | default} method1 [... method4]
The default method-list is applied to all terminal lines.
Possible methods are:
• enable: use the password you defined using the enable secret or enable password
command in CONFIGURATION mode.
800
Security