xStack® DES-3200 Series Layer 2 Ethernet Managed Switch CLI Reference Guide
254
create authen_enable method_list_name
to gain administrator privileges on the Switch, which is defined by
the Administrator. A maximum of eight enable method lists can be
implemented on the Switch.
Parameters
<string 15> − Enter an alphanumeric string of up to 15 characters to
define the given enable method list to create.
Restrictions
Only Administrator-level users can issue this command.
Example usage:
To create a user-defined method list, named “Permit” for promoting user privileges to Administrator privileges:
DES-3200-28:4#create authen_enable method_list_name Permit
Command: create authen_enable method_list_name Permit
Success.
DES-3200-28:4#
config authen_enable
Purpose
Used to configure a user-defined method list of authentication
methods for promoting normal user level privileges to Administrator
level privileges on the Switch.
Syntax
config authen_enable [default | method_list_name <string 15>]
method {tacacs | xtacacs | tacacs+ | radius | server_group <string
15> | local_enable | none} (1)
Description
This command is used to promote users with normal level privileges
to Administrator level privileges using authentication methods on the
Switch. Once a user acquires normal user level privileges on the
Switch, he or she must be authenticated by a method on the Switch
to gain administrator privileges on the Switch, which is defined by the
Administrator. A maximum of eight enable method lists can be
implemented simultaneously on the Switch.
The sequence of methods implemented in this command will affect
the authentication result. For example, if a user enters a sequence of
methods like tacacs – xtacacs – local_enable, the Switch will send
an authentication request to the first TACACS host in the server
group. If no verification is found, the Switch will send an
authentication request to the second TACACS host in the server
group and so on, until the list is exhausted. At that point, the Switch
will restart the same sequence with the following protocol listed,
xtacacs. If no authentication takes place using the xtacacs list, the
local_enable password set in the Switch is used to authenticate the
user.
Successful authentication using any of these methods will give the
user an “Admin” level privilege.
Parameters
default – The default method list for administration rights
authentication, as defined by the user. The user may choose one or
a combination of up to four of the following authentication methods:
tacacs – Adding this parameter will require the user to be
authenticated using the TACACS protocol from the remote TACACS
server hosts of the TACACS server group list.
xtacacs – Adding this parameter will require the user to be
authenticated using the XTACACS protocol from the remote
XTACACS server hosts of the XTACACS server group list.
tacacs+ – Adding this parameter will require the user to be
authenticated using the TACACS+ protocol from the remote