Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4048-ON

791

792

793

794

795

796

797

798

799

800

The following example shows enabling local authentication for console and remote authentication for the VTY lines.

Dell(config)# aaa authentication enable mymethodlist radius tacacs

Dell(config)# line vty 0 9

Dell(config-line-vty)# enable authentication mymethodlist

Server-Side Configuration

Using AAA authentication, the switch acts as a RADIUS or TACACS+ client to send authentication requests to a TACACS+ or RADIUS

server.

• TACACS+ — When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then sends a

second packet with just the password. The TACACS server must have an entry for username $enable$.

• RADIUS — When using RADIUS authentication, the Dell OS sends an authentication packet with the following:

Username: $enab15$

Password: <password-entered-by-user>

Therefore, the RADIUS server must have an entry for this username.

Configuring Re-Authentication

Starting from Dell Networking OS 9.11(0.0), the system enables re-authentication of user whenever there is a change in the

authenticators.

The change in authentication happens when:

• Add or remove an authentication server (RADIUS/TACACS+)

• Modify an AAA authentication/authorization list

• Change to role-only (RBAC) mode

The re-authentication is also applicable for authenticated 802.1x devices. When there is a change in the authetication servers, the

supplicants connected to all the ports are forced to re-authenticate.

1 Enable the re-authentication mode.

CONFIGURATION mode

aaa reauthentication enable

2 You are prompted to force the users to re-authenticate while adding or removing a RADIUS/TACACS+ server.

CONFIGURATION mode

aaa authentication login method-list-name

Example:

Dell(config)#aaa authentication login vty_auth_list radius

Force all logged-in users to re-authenticate (y/n)?

3 You are prompted to force the users to re-authenticate whenever there is a change in the RADIUS server list..

CONFIGURATION mode

radius-server host IP Address

Example:

Dell(config)#radius-server host 192.100.0.12

Force all logged-in users to re-authenticate (y/n)?

Dell(config)#no radius-server host 192.100.0.12

Force all logged-in users to re-authenticate (y/n)?

796

Security