Tacacs+ Remote Authentication - Dell S4048–ON Configuration Manual
Hide thumbs
Also See for S4048–ON:
- Configuration manual (1039 pages) ,
- Deployment manual (78 pages) ,
- Troubleshooting manual (29 pages)
Table of Contents
Advertisement
Example of a Failed Authentication
To view the configuration, use the show config in LINE mode or the show running-config tacacs+ command in EXEC Privilege
mode.
If authentication fails using the primary method, Dell Networking OS employs the second method (or third method, if necessary)
automatically. The fallback to the second method would happen only if the authentication failure is due to a non-reachable server or invalid
TACACS server key. The fallback would not occur if the authentication failure is due to invalid credentials. For example, if the TACACS+
server is reachable, but the server key is invalid, Dell Networking OS proceeds to the next authentication method. In the following example,
the TACACS+ is incorrect, but the user is still authenticated by the secondary method.
First bold line: Server key purposely changed to incorrect value.
Second bold line: User authenticated using the secondary method.
Dell(conf)#
Dell(conf)#do show run aaa
!
aaa authentication enable default tacacs+ enable
aaa authentication enable LOCAL enable tacacs+
aaa authentication login default tacacs+ local
aaa authentication login LOCAL local tacacs+
aaa authorization exec default tacacs+ none
aaa authorization commands 1 default tacacs+ none
aaa authorization commands 15 default tacacs+ none
aaa accounting exec default start-stop tacacs+
aaa accounting commands 1 default start-stop tacacs+
aaa accounting commands 15 default start-stop tacacs+
Dell(conf)#
Dell(conf)#do show run tacacs+
!
tacacs-server key 7 d05206c308f4d35b
tacacs-server host 10.10.10.10 timeout 1
Dell(conf)#tacacs-server key angeline
Dell(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user admin on
vty0 (10.11.9.209)
%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password
authentication success on vty0 ( 10.11.9.209 )
%RPM0-P:CP %SEC-5-LOGOUT: Exec session is terminated for user admin on line
vty0 (10.11.9.209)
Dell(conf)#username angeline password angeline
Dell(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user angeline
on vty0 (10.11.9.209)
%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password
authentication success on vty0 ( 10.11.9.209 )
Monitoring TACACS+
To view information on TACACS+ transactions, use the following command.
•
View TACACS+ transactions to troubleshoot problems.
EXEC Privilege mode
debug tacacs+
TACACS+ Remote Authentication
The system takes the access class from the TACACS+ server. Access class is the class of service that restricts Telnet access and packet
sizes.
If you have configured remote authorization, the system ignores the access class you have configured for the VTY line and gets this access
class information from the TACACS+ server. The system must know the username and password of the incoming user before it can fetch
Security
809
Advertisement
Table of Contents
Troubleshooting
