Reference Guide

ManualsBrandsDell ManualsComputer equipmentForce10 Z9000

801

802

803

804

805

806

807

808

809

810

Security | 799

Figure 40-4. Failed Authentication

Monitor TACACS+

To view information on TACACS+ transactions, use the following command in the EXEC Privilege mode:

TACACS+ Remote Authentication and Authorization

FTOS takes the access class from the TACACS+ server. Access class is the class of service that restricts

Telnet access and packet sizes. If you have configured remote authorization, then FTOS ignores the access

class you have configured for the VTY line. FTOS instead gets this access class information from the

TACACS+ server. FTOS needs to know the username and password of the incoming user before it can

fetch the access class from the server. A user, therefore, will at least see the login prompt. If the access

class denies the connection, FTOS closes the Telnet session immediately.

Command Syntax Command Mode Purpose

debug tacacs+ EXEC Privilege View TACACS+ transactions to troubleshoot

problems.

FTOS(conf)#

FTOS(conf)#do show run aaa

aaa authentication enable default tacacs+ enable

aaa authentication enable LOCAL enable tacacs+

aaa authentication login default tacacs+ local

aaa authentication login LOCAL local tacacs+

aaa authorization exec default tacacs+ none

aaa authorization commands 1 default tacacs+ none

aaa authorization commands 15 default tacacs+ none

aaa accounting exec default start-stop tacacs+

aaa accounting commands 1 default start-stop tacacs+

aaa accounting commands 15 default start-stop tacacs+

FTOS(conf)#

FTOS(conf)#do show run tacacs+

tacacs-server key 7 d05206c308f4d35b

tacacs-server host 10.10.10.10 timeout 1

FTOS(conf)#tacacs-server key angeline

FTOS(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user admin on vty0

(10.11.9.209)

%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on vty0

( 10.11.9.209 )

%RPM0-P:CP %SEC-5-LOGOUT: Exec session is terminated for user admin on line vty0 (10.11.9.209)

FTOS(conf)#username angeline password angeline

FTOS(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user angeline on vty0

(10.11.9.209)

%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on vty0

( 10.11.9.209 )

Server key purposely changed to incorrect value

User authenticated using secondary method