Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4128F-ON/S4128T-ON

451

452

453

454

455

456

457

458

459

460

(TACACS+) client/server authentication systems. For RADIUS and TACACS+, an OS10 switch acts as a client and sends authentication

requests to a server that contains all user authentication and network service access information.

A RADIUS or TACACS+ server provides accounting, authentication (user credentials verication), and authorization (user privilege-level)

services. You can congure the security protocol used for dierent login methods and users. The server uses a list of authentication

methods to dene the types of authentication and the sequence in which they apply. By default, only the local authentication method is

used.

The authentication methods in the method list are executed in the order in which they are congured. You can re-enter the methods to

change the order. The

local authentication method must always be in the list. If a console user logs in with RADIUS or TACACS+

authentication, the privilege-level you congured for the user on the RADIUS or TACACS+ server is applied.

NOTE: You must congure the group name (level) on the RADIUS server using the vendor-specic attribute or the

authentication fails.

• Congure the AAA authentication method in CONFIGURATION mode.

aaa authentication {local | radius | tacacs}

– local — Use the username and password database dened in the local conguration.

– radius — (Optional) Use the RADIUS servers congured with the radius-server host command as the primary

authentication method.

– tacacs — (Optional) Use the TACACS+ servers congured with the tacacs-server host command as the primary

authentication method.

Congure AAA authentication

OS10(config)# aaa authentication radius local

User re-authentication

To prevent users from accessing resources and performing tasks for which they are not authorized, OS10 allows you to require users to re-

authenticate by logging in again when an authentication method or server changes, such as:

• Adding or removing a RADIUS server (radius-server host command)

• Adding or removing an authentication method (aaa authentication {local | radius} command)

You can enable this feature so that user re-authentication is required when any of these actions are performed. In these cases, logged-in

users are logged out of the switch and all OS10 sessions are terminated. By default, user re-authentication is disabled.

Enable user re-authentication

• Enable user re-authentication in CONFIGURATION mode.

aaa re-authenticate enable

Enter the no form of the command to disable user re-authentication.

Password strength

By default, the password you congure with the username password command must be at least nine alphanumeric characters.

To increase password strength, you can create password rules using the password-attributes command. When you enter the

command, at least one parameter is required. When you enter the character-restriction parameter, at least one option is required.

• Create rules for stronger passwords in CONFIGURATION mode.

password-attributes {[min-length number] [character-restriction {[upper number]

[lower number][numeric number] [special-char number]}}

System management

457