Login Method Lists Settings - D-Link DGS-3700-12 User Manual

Login Method Lists Settings

This command will configure a user-defined or default Login Method List of authentication techniques for users logging
on to the Switch. The sequence of techniques implemented in this command will affect the authentication result. For
example, if a user enters a sequence of techniques, for example TACACS – XTACACS - local, the Switch will send an
authentication request to the first TACACS host in the server group. If no response comes from the server host, the
Switch will send an authentication request to the second TACACS host in the server group and so on, until the list is
exhausted. At that point, the Switch will restart the same sequence with the following protocol listed, XTACACS. If no
authentication takes place using the XTACACS list, the local account database set in the Switch is used to
authenticate the user. When the local method is used, the privilege level will be dependent on the local account
privilege configured on the Switch.
When the user logins to the device successfully through TACACS/XTACACS/TACACS+server or none method, the
"user" privilege level is assigned only. If the user wants to get admin privilege level, the user must use the Enable
Admin window to promote his privilege level. (See the Enable Admin part of this section for more detailed
information.) But when the user logins to the device successfully through RADIUS server or local method, three kinds
of privilege levels can be assigned to the user and the user cannot use the Enable Admin window to promote to
admin privilege level.
To view this window, click Security > Access Authentication Control > Login Method Lists Settings, as shown
below:
The Switch contains one Method List that is set and cannot be removed, yet can be modified. To delete a Login
Method List defined by the user, click the corresponding Delete button. To modify a Login Method List, click on its
corresponding Edit button.
To define a Login Method List, set the following parameters and click Apply:
Parameter
Method List Name
Priority 1, 2, 3, 4
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual
NOTE: More than one authentication protocol can be run on the same
physical server host but, remember that TACACS/XTACACS/TACACS+
are separate entities and are not compatible with each other
Figure 8- 51 Login Method Lists Settings window
Description
Enter a method list name defined by the user of up to 15 characters.
The user may add one, or a combination of up to four of the following authentication
methods to this method list:
tacacs – Adding this parameter will require the user to be authenticated using the TACACS
protocol from a remote TACACS server.
xtacacs – Adding this parameter will require the user to be authenticated using the
XTACACS protocol from a remote XTACACS server.
tacacs+ – Adding this parameter will require the user to be authenticated using the
TACACS+ protocol from a remote TACACS+ server.
radius – Adding this parameter will require the user to be authenticated using the RADIUS
protocol from a remote RADIUS server.
238