Concept Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4048T-ON

891

892

893

894

895

896

897

898

899

900

If the IP address in the RSA key does not match the IP address from which you attempt to log in, the following message appears. In this

case, verify that the name and IP address of the client is contained in the le /etc/hosts: RSA Authentication Error.

Telnet

To use Telnet with SSH, rst enable SSH, as previously described.

By default, the Telnet daemon is enabled. If you want to disable the Telnet daemon, use the following command, or disable Telnet in the

startup cong. To enable or disable the Telnet daemon, use the [no] ip telnet server enable command.

The Telnet server or client is VRF-aware. You can enable a Telnet server or client to listen to a specic VRF by using the vrf vrf-

instance-name parameter in the telnet command. This capability enables a Telent server or client to look up the correct routing table

and establish a connection.

Example of Using Telnet for Remote Login

DellEMC(conf)#ip telnet server enable

DellEMC(conf)#no ip telnet server enable

VTY Line and Access-Class Conguration

Various methods are available to restrict VTY access in . These depend on which authentication scheme you use — line, local, or remote.

Table 101. VTY Access

Authentication Method VTY access-class support? Username access-class

support?

Remote authorization support?

Line YES NO NO

Local NO YES NO

TACACS+ YES NO YES (with version 5.2.1.0 and

later)

RADIUS YES NO YES (with version 6.1.1.0 and

later)

provides several ways to congure access classes for VTY lines, including:

• VTY Line Local Authentication and Authorization

• VTY Line Remote Authentication and Authorization

VTY Line Local Authentication and Authorization

retrieves the access class from the local database.

To use this feature:

1 Create a username.

2 Enter a password.

3 Assign an access class.

4 Enter a privilege level.

You can assign line authentication on a per-VTY basis; it is a simple password authentication, using an access-class as authorization.

Congure local authentication globally and congure access classes on a per-user basis.

can assign dierent access classes to dierent users by username. Until users attempt to log in, does not know if they will be assigned a

VTY line. This means that incoming users always see a login prompt even if you have excluded them from the VTY line with a deny-all

Security

891