Reference Guide

Congure TACACS+ server
OS10(config)# tacacs-server host 1.2.4.5 key mysecret
View TACACS+ server configuration
OS10# show running-configuration
...
tacacs-server host 1.2.4.5 key 9 3a95c26b2a5b96a6b80036839f296babe03560f4b0b7220d6454b3e71bdfc59b
...
Delete TACACS+ server
OS10(config)# no tacacs-server host 1.2.4.5
TACACS+ unknown or missing user role
When a TACACS+ server authenticates a user and does not return a role or returns an unknown role, OS10 assigns the netoperator role
to the authenticated user by default. You can reconfigure the default netoperator role.
Enter an OS10 user role in CONFIGURATION mode.
userrole default inherit existing-role-name
existing-role-name — Enter a user role:
sysadmin — Full access to all commands in the system, exclusive access to commands that manipulate the file system, and access to the system shell. A system administrator can create user IDs and user roles.
secadmin — Full access to configuration commands that set security policy and system access, such as password strength, AAA authorization, and cryptographic keys. A security administrator can display security information, such as cryptographic keys, login statistics, and log information.
netadmin — Full access to configuration commands that manage traffic flowing through the switch, such as routes, interfaces, and ACLs. A network administrator cannot access configuration commands for security features or view security information.
netoperator — Access to EXEC mode to view the current configuration. A network operator cannot modify any configuration setting on a switch.
Reconfigure the default user role
OS10(config)# userrole default inherit sysadmin
SSH server
In OS10, the secure shell (SSH) server allows an SSH client to access an OS10 switch through a secure, encrypted connection. The SSH
server authenticates remote clients using RADIUS challenge/response, a trusted host file, locally-stored passwords, and public keys.
Configure SSH server
The SSH server is enabled by default. You can disable the SSH server using no ip ssh server enable.
Challenge response authentication is disabled by default. To enable, use the ip ssh server challenge-response-authentication command.
Host-based authentication is disabled by default. To enable, use the ip ssh server hostbased-authentication command.
Password authentication is enabled by default. To disable, use the no ip ssh server password-authentication command.
Public key authentication is enabled by default. To disable, use the no ip ssh server pubkey-authentication command.
Password-less login is disabled by default. To enable, use the username sshkey or username sshkey filename commands.
Congure the list of cipher algorithms using ip ssh server cipher cipher-list.