Administrator Guide

ManualsBrandsDell ManualsserversDell Force10 MXL Blade

671

672

673

674

675

676

677

678

679

680

Enabling AAA Authentication — RADIUS

To enable authentication from the RADIUS server, and use TACACS as a backup, use the following commands.

1. Enable RADIUS and set up TACACS as backup.

CONFIGURATION mode

aaa authentication enable default radius tacacs

2. Establish a host address and password.

CONFIGURATION mode

radius-server host x.x.x.x key some-password

3. Establish a host address and password.

CONFIGURATION mode

tacacs-server host x.x.x.x key some-password

Example of Enabling Authentication from the RADIUS Server

Example of Enabling Local Authentication for the Console and Remote Authentication for VTY Lines

To get enable authentication from the RADIUS server and use TACACS as a backup, issue the following commands.

Dell(config)# aaa authentication enable default radius tacacs

Radius and TACACS server has to be properly setup for this.

Dell(config)# radius-server host x.x.x.x key <some-password>

Dell(config)# tacacs-server host x.x.x.x key <some-password>

To use local authentication for enable secret on the console, while using remote authentication on VTY lines, issue the following

commands.

Dell(config)# aaa authentication enable mymethodlist radius tacacs

Dell(config)# line vty 0 9

Dell(config-line-vty)# enable authentication mymethodlist

Server-Side Conguration

• TACACS+ — When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then sends a

second packet with just the password. The TACACS server must have an entry for username $enable$.

• RADIUS — When using RADIUS authentication, the system sends an authentication packet with the following:

Username: $enab15$

Password: <password-entered-by-user>

Therefore, the RADIUS server must have an entry for this username.

AAA Authorization

The Dell Networking OS enables AAA new-model by default.

You can set authorization to be either local or remote. Dierent combinations of authentication and authorization yield dierent

results. By default, the system sets both to local.

Privilege Levels Overview

Limiting access to the system is one method of protecting the system and your network. However, at times, you might need to allow

others access to the router and you can limit that access to a subset of commands. In the Dell Networking OS, you can congure a

privilege level for users who need limited access to the system.

Every command in the Dell Networking OS is assigned a privilege level of 0, 1, or 15. You can congure up to 16 privilege levels. The

Dell Networking OS is pre-congured with three privilege levels and you can congure 13 more. The three pre-congured levels are:

680

Security