Users Guide

ManualsBrandsDell ManualsAccess PlatformsOS9

1361

the next method configured. If users fail the first method listed, no other methods are applied. The only

exception is the local method. If the user’s name is not listed in the local database, the next method is

applied. If the correct user name/password combination is not entered, the user is not allowed access to

the switch.

NOTE: If authentication fails using the primary method, Dell EMC Networking OS employs the

second method (or third method, if necessary) automatically. For example, if the TACACS+ server is

reachable, but the server key is invalid, Dell EMC Networking OS proceeds to the next authentication

method. The TACACS+ is incorrect, but the user is still authenticated by the secondary method.

After configuring the aaa authentication login command, configure the login

authentication command to enable the authentication scheme on terminal lines.

Connections to the SSH server work with the following login mechanisms: local, radius, and tacacs.

Commands

● login authentication — enables AAA login authentication on the terminal lines.

● password — creates a password.

● radius-server host — specifies a RADIUS server host.

● tacacs-server host — specifies a TACACS+ server host.

aaa reauthenticate enable

Enable re-authentication of user whenever there is a change in the authenticators.

Syntax

aaa reauthenticate enable

To disable the re-authentication option, use the no aaa reauthenticate enable command.

Defaults Disabled

Command Modes CONFIGURATION

Command

History

This guide is platform-specific. For command information about other platforms, see the relevant Dell

EMC Networking OS Command Line Reference Guide.

Version Description

9.12(1.0) Introduced on the S5048F–ON.

9.11(0.0) Introduced this command.

Usage

Information

When an operating system enables to change the user authenticators, the users might access resources

and perform tasks that they do not have authorization.

Once re-authentication is enabled, Dell EMC Networking OS prompts the users to re-authenticate

whenever there is a change in authenticators.

The change in authentication happens when:

● Add or remove an authentication server (RADIUS/TACACS+)

● Modify an AAA authentication/authorization list

● Change to role-only (RBAC) mode

The re-authentication is also applicable for authenticated 802.1x devices. When there is a change in the

authentication servers, the supplicants connected to all the ports are forced to re-authenticate.

Example

DellEMC(config)#aaa reauthenticate enable

DellEMC(config)#aaa authentication login vty_auth_list radius

Force all logged-in users to re-authenticate (y/n)?

DellEMC(config)#radius-server host 192.100.0.12

Force all logged-in users to re-authenticate (y/n)?

1368 Security