AAA Authorization; Privilege Levels Overview - Dell C9000 Series Networking Configuration Manual

The following example shows enabling local authentication for console and remote authentication for the
VTY lines.
Dell(config)# aaa authentication enable mymethodlist radius tacacs
Dell(config)# line vty 0 9
Dell(config-line-vty)# enable authentication mymethodlist

Server-Side Configuration

Using AAA authentication, the switch acts as a RADIUS or TACACS+ client and sends authentication requests to a TACACS+ or RADIUS server.

TACACS+ — When using TACACS+, the switch sends an initial packet with service type SVC_ENABLE, and then sends a second packet with just the password. The TACACS+ server must have an entry for username $enable$.

RADIUS — When using RADIUS authentication, the switch sends an authentication packet with the following:
    Username: $enab15$
    Password: <password-entered-by-user>
Therefore, the RADIUS server must have an entry for this username.
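
The following added example (not from the Dell manual) audits a configuration written in the syntax shown above: for each VTY line it resolves the enable method list and reports which account names ($enable$ for TACACS+, $enab15$ for RADIUS) the servers must hold. The sample configuration is constructed, and the list name otherlist and the function name audit_enable_auth are assumptions made for the illustration.

```python
import re

# Account names the switch presents for enable authentication, per the text above.
SERVER_ACCOUNT = {"tacacs": "$enable$", "radius": "$enab15$"}

# Constructed sample configuration (not from a real device); "otherlist" is hypothetical.
SAMPLE_CONFIG = """\
Dell(config)# aaa authentication enable mymethodlist radius tacacs
Dell(config)# line vty 0 4
Dell(config-line-vty)# enable authentication mymethodlist
Dell(config)# line vty 5 8
Dell(config-line-vty)# enable authentication otherlist
Dell(config)# line vty 9
"""

def audit_enable_auth(config):
    """Map each VTY line number to its enable-authentication finding."""
    method_lists = {}  # method list name -> ordered methods
    assigned = {}      # VTY number -> method list name, or None
    current = []       # VTY numbers of the line block being parsed
    for raw in config.splitlines():
        # Drop a leading CLI prompt such as "Dell(config)# " if present.
        words = re.sub(r"^\S*#\s*", "", raw.strip()).split()
        if words[:3] == ["aaa", "authentication", "enable"] and len(words) > 3:
            method_lists[words[3]] = words[4:]
            current = []
        elif words[:1] == ["line"]:
            current = []  # a console or other line block is not a VTY
            if words[1:2] == ["vty"] and len(words) >= 3:
                first = int(words[2])
                last = int(words[3]) if len(words) > 3 else first
                current = list(range(first, last + 1))
                for n in current:
                    assigned.setdefault(n, None)
        elif words[:2] == ["enable", "authentication"] and len(words) == 3:
            for n in current:
                assigned[n] = words[2]
    findings = {}
    for n, name in sorted(assigned.items()):
        if name is None:
            findings[n] = {"status": "no-method-list"}
        elif name not in method_lists:
            findings[n] = {"status": "undefined-list", "list": name}
        else:
            methods = method_lists[name]
            accounts = [SERVER_ACCOUNT[m] for m in methods if m in SERVER_ACCOUNT]
            findings[n] = {"status": "ok", "list": name,
                           "methods": methods, "server_accounts": accounts}
    return findings
```

Calling audit_enable_auth(SAMPLE_CONFIG) reports VTY lines 5 through 8 as referencing a method list that is never defined and VTY line 9 as having no enable method list applied.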

AAA Authorization

The system enables AAA new-model by default.
You can set authorization to be either local or remote. Different combinations of authentication and
authorization yield different results. By default, the system sets both to local.

Privilege Levels Overview

Limiting access to the system is one method of protecting the system and your network. At times, however, you might need to give others access to the router while limiting that access to a subset of commands. To do this, you can configure a privilege level for users who need limited access to the system.
Every command in the Dell Networking OS is assigned a privilege level of 0, 1, or 15. You can configure up to 16 privilege levels. The system is pre-configured with three privilege levels, and you can configure 13 more.
The three pre-configured levels are:
Privilege level 1 — the default level for EXEC mode. At this level, you can interact with the router (for example, view some show commands and use Telnet and ping to test connectivity), but you cannot configure the router. This level is often called the "user" level. One of the commands available in privilege level 1 is the enable command, which you can use to enter a specific privilege level.
Privilege level 0 — contains only the end, enable, and disable commands.
Privilege level 15 — the default level for the enable command and the highest level. At this level, you can access any command in the system.
Privilege levels 2 through 14 are not configured, and you can customize them for different users and access.