Enable Method Lists - D-Link xStack DGS-3200-10 User Manual

xStack

Enable Method Lists

Users can set up Method Lists to pro mote users with user lev el privileges to Ad ministrator (Ad min) level priv ileges using
authentication methods on t he Swi tch. O nce a use r ac quires normal user l evel privileges on t he S witch, he or s he m ust be
authenticated by a method on the Switch to gain administrator privileges on the Switch, which is defined by the Administrator. A
maximum of e ight Enable Method Lists can be implemented on the Switch, one of which is a default Enable Method List. This
default Enable Method List cannot be deleted but can be configured.
The se quence of m ethods im plemented in this com mand will affect the au thentication result. F or exam ple, if a us er enters a
sequence of m ethods lik e TACACS - XTACACS - Lo cal En able, the Switch will sen d an au thentication requ est to th e first
TACACS host in th e serv er g roup. If no verification is found, th e Switch will sen d an au thentication requ est to th e second
TACACS host in the server group and so on, until the list is ex hausted. At that point, the Switch will restart the same seq uence
with the following protoc ol listed, XT ACACS. If no a uthentication ta kes place using t he XTACACS list, the L ocal E nable
password set in the Switch is used to authenticate the user.
Successful authentication using any of these methods will give the user an "Admin" privilege.
NOTE: To set the Local Enable Password, see the next section, entitled Local Enable Password.
To view the following window, click Security > Access Authentication Control > Enable Method Lists:
To delete an Enable Method List defined by the user, click the Delete button corresponding to the entry desired to be deleted. To
modify an Enable Method List, click on its corresponding Edit button.
To define an Enable Login Method List, set the following parameters and click Apply:
Parameter
Method List Name
Priority 1, 2, 3, 4
®
DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch
Figure 5 - 42. Enable Method Lists window
Description
Enter a method list name defined by the user of up to 15 characters.
The user may add one, or a combination of up to four of the following authentication methods
to this method list:
local_enable - Adding this parameter will require the user to be authenticated using the local
enable password database on the Switch. The local enable password must be set by the user
in the next section entitled Local Enable Password.
none - Adding this parameter will require no authentication to access the Switch.
radius - Adding this parameter will require the user to be authenticated using the RADIUS
protocol from a remote RADIUS server.
tacacs - Adding this parameter will require the user to be authenticated using the TACACS
protocol from a remote TACACS server.
xtacacs - Adding this parameter will require the user to be authenticated using the XTACACS
protocol from a remote XTACACS server.
tacacs+ - Adding this parameter will require the user to be authenticated using the TACACS
protocol from a remote TACACS server.
159