Users Guide

Authentication, Authorization, and Accounting
3. The following command is the first step in defining a TACACS+ server at
IP address 1.2.3.4. It places the user in tacacs-server mode to allow
further configuration of the server:
console(config)#tacacs-server host 1.2.3.4
4. Define the shared secret. This must be the same as the shared secret
defined on the TACACS+ server:
console(config-tacacs)#key "secret"
console(config-tacacs)#exit
5. Enter the configuration mode for the Telnet line:
console(config)#line telnet
6. Assign the tacplus login authentication method list to be used for users
accessing the switch via Telnet:
console(config-telnet)#login authentication tacplus
7. Assign the tacp enable authentication method list to be used for users
executing the enable command when accessing the switch via Telnet:
console(config-telnet)#enable authentication tacp
console(config-telnet)#exit
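The following added example (not part of the Dell EMC guide) audits a pasted CLI transcript for the settings made in steps 3 through 7: every TACACS+ server has a shared secret, and the Telnet line has both a login and an enable method list assigned. The function names and the sample transcript are constructed for illustration, and the checks cover only the commands shown in these steps.

```python
import re

# Constructed sample: the commands from steps 3-7, as typed at the console.
SAMPLE_TRANSCRIPT = '''\
console(config)#tacacs-server host 1.2.3.4
console(config-tacacs)#key "secret"
console(config-tacacs)#exit
console(config)#line telnet
console(config-telnet)#login authentication tacplus
console(config-telnet)#enable authentication tacp
console(config-telnet)#exit
'''

def parse_blocks(text):
    """Group sub-commands under the mode-entering command that precedes them."""
    blocks, current = [], None
    for raw in text.splitlines():
        # Drop the CLI prompt so transcripts and bare command lists both work.
        line = re.sub(r"^\s*console(\([^)]*\))?#", "", raw).strip()
        if not line or line.startswith("!"):
            continue
        if re.match(r"(tacacs-server host|line)\s+\S+", line):
            current = (line, [])
            blocks.append(current)
        elif line == "exit":
            current = None
        elif current is not None:
            current[1].append(line)
    return blocks

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    blocks = parse_blocks(text)
    servers = [b for b in blocks if b[0].startswith("tacacs-server host")]
    if not servers:
        findings.append("no tacacs-server host defined")
    for header, cmds in servers:
        if not any(c.startswith("key ") for c in cmds):
            findings.append(f"{header}: no shared secret (key) configured")
    # A missing "line telnet" block is treated as a line with no method lists.
    telnet = [c for header, cmds in blocks if header == "line telnet" for c in cmds]
    for required in ("login authentication", "enable authentication"):
        if not any(c.startswith(required + " ") for c in telnet):
            findings.append(f"line telnet: no '{required}' method list assigned")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_TRANSCRIPT) or "all checks passed")
```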
Public Key SSH Authentication Example
The following is an example of a public key configuration for SSH login.
Using a tool such as PuTTY and a private/public key infrastructure, an
administrator can log in securely to the Dell EMC Networking N-Series switch
without a password. Instead, the switch holds a public key, and the matching
private key is kept locally on the administrator's computer. The public key
can be placed on multiple devices, allowing the administrator secure access
without needing to remember multiple passwords. It is strongly recommended
that the private key be protected with a password.
NOTE: A user logging in with this configuration would be placed in User Exec
mode with privilege level 1. To access Privileged Exec mode with privilege level 15,
use the enable command.
NOTE: Dell EMC Networking TACACS supports setting the maximum user privilege
level in the authorization response. Configure the TACACS server to send
priv-lvl=X, where X is either 1 (non-privileged mode) or 15 (privileged mode).