Manualshelf

CLI Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch N1500 Series
931932933934935936937938939940
Security Commands 934
The additional methods of authentication are attempted only if the previous
method returns an error, not if there is an authentication failure. Only the
RADIUS, TACACS+, local and enable methods can return an error. To
ensure that authentication succeeds even if all methods return an error,
specify none as the final method in the command line. For example, if none is
specified as an authentication method after radius, no authentication is used
if the RADIUS server is down. If specified, none must be the last method in
the list.
NOTE: Auth-Type:=Local does not work for recent versions of FreeRadius.
FreeRadius ignores the configuration if Local is used. Administrators should remove
Auth-Type=Local and use the PAP or CHAP modules instead.
Example
The following example configures the default authentication login to attempt
RADIUS authentication, then local authentication, then enable
authentication, and then, if all the previous methods returned an error, allows
the administrator access to the switch console (via the none method).
console(config)# aaa authentication login default radius local enable none
aaa authorization
Use the aaa authorization command to enable authorization and optionally
create an authorization method list. A list may be identified by a user-
specified list-name or the keyword default.
Use the no form of the command to disable authorization and optionally
delete an authorization list.
Syntax
aaa authorization {commands|exec|network}{default|list-name}
{method1 [method2]}
no aaa authorization {commands|exec|network} {default|list-name}
exec
Provides Exec authorization. All methods are supported.
commands
Performs authorization of user commands. Only none and
TACACs methods are supported.
network
Performs RADIUS authorization. Only the default list is
supported.