API Guide
The authentication methods in the method list execute in the order you configure them. Re-enter the methods to change the
order. The local authentication method remains enabled even if you remove all configured methods in the list using the no
aaa authentication login {console | default} command.
NOTE: If you configure multiple authentication methods on Dell EMC PowerEdge MX7000 Ethernet switches—MX9116n
Fabric Switching Engine and MX5108n Ethernet Switch—operating in SmartFabric mode, you must configure local
authentication as the first method in the list.
● Configure the AAA authentication method in CONFIGURATION mode.
aaa authentication login {console | default} {local | group radius | group tacacs+}
○ console—Configure authentication methods for console logins.
○ default—Configure authentication methods for nonconsole such as SSH and Telnet logins.
○ local—Use the local username, password, and role entries configured with the username password role
command.
○ group radius—Configure RADIUS servers using the radius-server host command.
○ group tacacs+—Configure TACACS+ servers using the tacacs-server host command.
Configure user role on server
If a console user logs in with RADIUS or TACACS+ authentication, the role you configured for the user on the RADIUS or
TACACS+ server applies. User authentication fails if no role is configured on the authentication server.
To authenticate a user on OS10 through a TACACS+ server, configure the mandatory role with the value sysadmin along with
15 as privilege level on the TACACS+ Server. The following figure shows the Cisco ISE TACACS server configuration:
1026
Security