Reference Guide
Usage Information By default, the Telnet server is disabled. To enable the Telnet server, enter the telnet enable command. To configure the Telnet server to be reachable on the management VRF instance, use the ip telnet server vrf management command.
Example
OS10(config)# ip telnet server vrf management
Supported Releases 10.4.0E(R1) or later
Security
Authentication, authorization, and accounting (AAA) services secure networks against unauthorized access. In addition to local
authentication, OS10 supports remote authentication dial-in user service (RADIUS) and terminal access controller access control system
(TACACS+) client/server authentication systems. For RADIUS and TACACS+, an OS10 switch acts as a client and sends authentication
requests to a server that contains all user authentication and network service access information.
A RADIUS or TACACS+ server provides authentication (user credentials verification), authorization (role-based permissions), and accounting services. You can configure the security protocol used for different login methods and users. RADIUS provides very limited authorization and accounting services compared to TACACS+.
An OS10 switch uses a list of authentication methods to define the types of authentication and the sequence in which they apply. By default, only the local authentication method is configured.
The authentication methods in the method list are executed in the order in which they are configured. You can re-enter the methods to change the order. The local authentication method remains enabled even if you remove all configured methods in the list (no aaa authentication login {console | default} command).
• Configure the AAA authentication method in CONFIGURATION mode.
aaa authentication login {console | default} {local | group radius | group tacacs+}
– console — Configure authentication methods for console logins.
– default — Configure authentication methods for non-console (SSH and Telnet) logins.
– local — Use the local username, password, and role entries configured with the username password role command.
– group radius — Use the RADIUS servers configured with the radius-server host command.
– group tacacs+ — Use the TACACS+ servers configured with the tacacs-server host command.
Configure user role on server
If a console user logs in with RADIUS or TACACS+ authentication, the role you configured for the user on the RADIUS or TACACS+ server is applied. User authentication fails if no role is configured on the authentication server.
In addition, you must configure the user role on the RADIUS or TACACS+ server using the vendor-specific attribute (VSA) or the authentication fails. Dell's vendor ID is 674. You create a VSA with Name = Dell-group-name, OID = 2, Type = string. Valid values for Dell-group-name are sysadmin, secadmin, netadmin, and netoperator. Use the VSA Dell-group-name values when you create users on a RADIUS or TACACS+ server.
For detailed information about how to configure vendor-specific attributes on a RADIUS or TACACS+ server, refer to the respective RADIUS or TACACS+ server documentation.
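The following added example (not part of the Dell guide) shows how the Dell-group-name VSA described above is laid out inside a RADIUS Vendor-Specific attribute (type 26, RFC 2865) and checks a server reply's attribute list for a valid role. The function names and sample bytes are constructed for illustration, and treating an unrecognized role value the same as a missing one is an assumption.

```python
import struct

DELL_VENDOR_ID = 674      # vendor ID stated in the guide
DELL_GROUP_NAME = 2       # vendor type of Dell-group-name ("OID = 2")
VALID_ROLES = {"sysadmin", "secadmin", "netadmin", "netoperator"}
VENDOR_SPECIFIC = 26      # RADIUS Vendor-Specific attribute, RFC 2865 sec. 5.26


def encode_dell_group_name(role: str) -> bytes:
    """Build the Vendor-Specific attribute that carries Dell-group-name."""
    if role not in VALID_ROLES:
        raise ValueError(f"not a valid Dell-group-name value: {role!r}")
    value = role.encode("ascii")
    # Sub-attribute: vendor type, vendor length (covers its own 2-byte header), string.
    sub = struct.pack("!BB", DELL_GROUP_NAME, 2 + len(value)) + value
    body = struct.pack("!I", DELL_VENDOR_ID) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def role_from_attributes(attrs: bytes):
    """Walk a RADIUS attribute list and return the Dell role, or None.

    None means no usable role was sent. An unrecognized value is also
    reported as None (assumption made for this example).
    """
    i = 0
    while i + 2 <= len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed attribute length")
        data = attrs[i + 2:i + alen]
        i += alen
        if atype != VENDOR_SPECIFIC or len(data) < 6:
            continue                      # not a VSA, or too short to hold one
        (vendor,) = struct.unpack("!I", data[:4])
        if vendor != DELL_VENDOR_ID:
            continue                      # another vendor's VSA
        j = 4
        while j + 2 <= len(data):
            vtype, vlen = data[j], data[j + 1]
            if vlen < 2 or j + vlen > len(data):
                raise ValueError("malformed vendor sub-attribute length")
            if vtype == DELL_GROUP_NAME:
                role = data[j + 2:j + vlen].decode("ascii", "replace")
                return role if role in VALID_ROLES else None
            j += vlen
    return None
```

Running role_from_attributes over the attribute bytes of a test Access-Accept from the RADIUS server shows whether the role the switch requires is actually being returned for a given user.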
Configure AAA authentication
OS10(config)# aaa authentication login default group radius local
OS10(config)# do show running-configuration aaa
aaa authentication login default group radius local
aaa authentication login console local
Remove AAA authentication methods
OS10(config)# no aaa authentication login default
OS10(config)# do show running-configuration aaa