Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4112F-ON/S4112T-ON

511

512

513

514

515

516

517

518

519

520

Usage Information By default, the Telnet server is disabled. To enable the Telnet server, enter the telnet enable command. To

congure the Telnet server to be reachable on the management VRF instance, use the ip telnet server

vrf management

command.

Example

OS10(config)# ip telnet server vrf management

Supported Releases 10.4.0E(R1) or later

Security

Authentication, authorization, and accounting (AAA) services secure networks against unauthorized access. In addition to local

authentication, OS10 supports remote authentication dial-in user service (RADIUS) and terminal access controller access control system

(TACACS+) client/server authentication systems. For RADIUS and TACACS+, an OS10 switch acts as a client and sends authentication

requests to a server that contains all user authentication and network service access information.

A RADIUS or TACACS+ server provides authentication (user credentials verication), authorization (role-based permissions), and

accounting services. You can congure the security protocol used for dierent login methods and users. RADIUS provides very limited

authorization and accounting services compared to TACACS+.

An OS10 switch uses a list of authentication methods to dene the types of authentication and the sequence in which they apply. By

default, only the local authentication method is congured.

The authentication methods in the method list are executed in the order in which they are congured. You can re-enter the methods to

change the order. The local authentication method remains enabled even if you remove all congured methods in the list (no aaa

authentication login {console | default}

command).

• Congure the AAA authentication method in CONFIGURATION mode.

aaa authentication login {console | default} {local | group radius | group tacacs+}

– console — Congure authentication methods for console logins.

– default — Congure authentication methods for non-console (SSH and Telnet) logins.

– local — Use the local username, password, and role entries congured with the username password role command.

– group radius — Use the RADIUS servers congured with the radius-server host command.

– group tacacs+ — Use the TACACS+ servers congured with the tacacs-server host command.

Congure user role on server

If a console user logs in with RADIUS or TACACS+ authentication, the role you congured for the user on the RADIUS or TACACS+ server

is applied. User authentication fails if no role is congured on the authentication server.

In addition, you must congure the user role on the RADIUS or TACACS+ server using the vendor-specic attribute (VSA) or the

authentication fails. Dell's vendor ID is 674. You create a VSA with Name = Dell-group-name, OID = 2, Type = string. Valid

values for

Dell-group-name are sysadmin, secadmin, netadmin, and netoperator. Use the VSA Dell-group-name values when you

create users on a Radius or TACACS+ server.

For detailed information about how to congure vendor-specic attributes on a RADIUS or TACACS+ server, refer to the respective

RADIUS or TACACS+ server documentation.

Congure AAA authentication

OS10(config)# aaa authentication login default group radius local

OS10(config)# do show running-configuration aaa

aaa authentication login default group radius local

aaa authentication login console local

Remove AAA authentication methods

OS10(config)# no aaa authentication login default

OS10(config)# do show running-configuration aaa

518

System management