Setup Guide

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch

941

942

943

944

945

946

947

948

949

950

Congure the optional communication parameters for the specic host:

– port port-number: the range is from 0 to 65335. Enter a TCP port number. The default is 49.

– timeout seconds: the range is from 0 to 1000. Default is 10 seconds.

– key key: enter a string for the key. The key can be up to 42 characters long. This key must match a key congured on the

TACACS+ server host. This parameter must be the last parameter you congure.

If you do not congure these optional parameters, the default global values are applied.

Example of Connecting with a TACACS+ Server Host

To specify multiple TACACS+ server hosts, congure the tacacs-server host command multiple times. If you congure multiple

TACACS+ server hosts, the system attempts to connect with them in the order in which they were congured.

To view the TACACS+ conguration, use the show running-config tacacs+ command in EXEC Privilege mode.

To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command.

freebsd2# telnet 2200:2200:2200:2200:2200::2202

Trying 2200:2200:2200:2200:2200::2202...

Connected to 2200:2200:2200:2200:2200::2202.

Escape character is '^]'.

Password:

Dell#

Command Authorization

The AAA command authorization feature congures the system to send each conguration command to a TACACS server for

authorization before it is added to the running conguration.

By default, the AAA authorization commands congure the system to check both EXEC mode and CONFIGURATION mode commands.

Use the no aaa authorization config-commands command to enable only EXEC mode command checking.

If rejected by the AAA server, the command is not added to the running cong, and a message displays:

04:07:48: %SYSTEM-P:CP %SEC-3-SEC_AUTHORIZATION_FAIL: Authorization failure Command

authorization failed for user (denyall) on vty0 ( 10.11.9.209 )

Protection from TCP Tiny and Overlapping Fragment

Attacks

Tiny and overlapping fragment attack is a class of attack where congured ACL entries — denying TCP port-specic trac — is bypassed

and trac is sent to its destination although denied by the ACL.

RFC 1858 and 3128 proposes a countermeasure to the problem. This countermeasure is congured into the line cards and enabled by

default.

Enabling SCP and SSH

Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. The Dell Neetworking

OS is compatible with SSH versions 1.5 and 2, both the client and server modes. SSH sessions are encrypted and use authentication.

For details about the command syntax, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide.

SCP is a remote le copy program that works with SSH and is supported on the switch.

NOTE

: The Windows-based WinSCP client software is not supported for secure copying between a PC and a Dell Networking

OS-based system. Unix-based SCP client software is supported.

To use the SSH client, use the following command.

Security

941