Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4112F-ON/S4112T-ON

451

452

453

454

455

456

457

458

459

460

Parameters

• management — Congures the management VRF to be used to reach the Telnet server.

Default The Telnet server is reachable on the default VRF.

Command Mode CONFIGURATION

Usage Information By default, the Telnet server is disabled. To enable the Telnet server, enter the telnet enable command. To

congure the Telnet server to be reachable on the management VRF instance, use the ip telnet server

vrf management

command.

Example

OS10(config)# ip telnet server vrf management

Supported Releases 10.4.0E(R1) or later

Security

Accounting, authentication, and authorization (AAA) services secure networks against unauthorized access. In addition to local

authentication, OS10 supports remote authentication dial-in service (RADIUS) and terminal access controller access control system

(TACACS+) client/server authentication systems. For RADIUS and TACACS+, an OS10 switch acts as a client and sends authentication

requests to a server that contains all user authentication and network service access information.

A RADIUS or TACACS+ server provides accounting, authentication (user credentials verication), and authorization (user privilege-level)

services. You can congure the security protocol used for dierent login methods and users. The server uses a list of authentication

methods to dene the types of authentication and the sequence in which they apply. By default, only the local authentication method is

used.

The authentication methods in the method list are executed in the order in which they are congured. You can re-enter the methods to

change the order. The local authentication method must always be in the list. If a console user logs in with RADIUS or TACACS+

authentication, the privilege-level you congured for the user on the RADIUS or TACACS+ server is applied.

NOTE

: You must congure the group name (level) on the RADIUS server using the vendor-specic attribute or the

authentication fails.

• Congure the AAA authentication method in CONFIGURATION mode.

aaa authentication {local | radius | tacacs}

– local — Use the username and password database dened in the local conguration.

– radius — (Optional) Use the RADIUS servers congured with the radius-server host command as the primary

authentication method.

– tacacs — (Optional) Use the TACACS+ servers congured with the tacacs-server host command as the primary

authentication method.

Congure AAA authentication

OS10(config)# aaa authentication radius local

User re-authentication

To prevent users from accessing resources and performing tasks for which they are not authorized, OS10 allows you to require users to re-

authenticate by logging in again when an authentication method or server changes, such as:

• Adding or removing a RADIUS server (radius-server host command)

• Adding or removing an authentication method (aaa authentication {local | radius} command)

System management

457