Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch

871

872

873

874

875

876

877

878

879

880

authentication is set to “Yes” in the file ssh_config (root permission is required to edit this file): permission denied (host

based).

If the IP address in the RSA key does not match the IP address from which you attempt to log in, the following message

appears. In this case, verify that the name and IP address of the client is contained in the file /etc/hosts: RSA

Authentication Error.

Telnet

To use Telnet with SSH, first enable SSH, as previously described.

By default, the Telnet daemon is enabled. If you want to disable the Telnet daemon, use the following command, or disable

Telnet in the startup config. To enable or disable the Telnet daemon, use the [no] ip telnet server enable command.

Example of Using Telnet for Remote Login

Dell(conf)#ip telnet server enable

Dell(conf)#no ip telnet server enable

VTY Line and Access-Class Configuration

Various methods are available to restrict VTY access in the Dell Networking OS. These depend on which authentication scheme

you use — line, local, or remote.

Table 103. VTY Access

Authentication Method VTY access-class support? Username access-class

support?

Remote authorization

support?

Line YES NO NO

Local NO YES NO

TACACS+ YES NO YES

RADIUS YES NO YES

The system provides several ways to configure access classes for VTY lines, including:

● VTY Line Local Authentication and Authorization

● VTY Line Remote Authentication and Authorization

VTY Line Local Authentication and Authorization

The system retrieves the access class from the local database.

To use this feature:

1. Create a username.

2. Enter a password.

3. Assign an access class.

4. Enter a privilege level.

You can assign line authentication on a per-VTY basis; it is a simple password authentication, using an access-class as

authorization.

Configure local authentication globally and configure access classes on a per-user basis.

The system can assign different access classes to different users by username. Until users attempt to log in, the system does

not know if they will be assigned a VTY line. This means that incoming users always see a login prompt even if you have

excluded them from the VTY line with a deny-all access class. After users identify themselves, the system retrieves the access

class from the local database and applies it. (The system can then close the connection if a user is denied access.)

NOTE:

If a VTY user logs in with RADIUS authentication, the privilege level is applied from the RADIUS server only if you

configure RADIUS authentication.

880 Security