Server-Side Configuration; Aaa Authorization; Privilege Levels Overview - Dell Force10 MXL Blade Configuration Manual

Configuration guide for the MXL 10/40GbE Switch IO Module

To use local authentication for enable secret on the console, while using remote authentication on
virtual terminal (VTY) lines, use the following commands:
FTOS(conf)# aaa authentication enable mymethodlist radius tacacs
FTOS(conf)# line vty 0 9
FTOS(conf-line-vty)# enable authentication mymethodlist

Server-Side Configuration

TACACS+: When using TACACS+, Dell Force10 sends an initial packet with service type
SVC_ENABLE, and then a second packet with just the password. The TACACS server must have an
entry for username $enable$.
RADIUS: When using RADIUS authentication, FTOS sends an authentication packet with the following:
Username: $enab15$
Password: <password-entered-by-user>
Therefore, the RADIUS server must have an entry for this username.
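
The following audit script is an added example, not part of the Dell manual: it reads a saved configuration, reports which enable method list each line uses, and lists the server-side usernames described above that must exist for the lists in use. The indented running-config layout, the sample configuration, and the function names are assumptions made for illustration.

```python
import re

# Username each remote method expects on the server, per the text above.
SERVER_ACCOUNTS = {"tacacs": "$enable$", "radius": "$enab15$"}

# Constructed sample; the indented running-config layout is an assumption.
SAMPLE_CONFIG = """\
aaa authentication enable mymethodlist radius tacacs
line console 0
line vty 0 9
 enable authentication mymethodlist
line vty 10 15
 enable authentication otherlist
"""

def audit_enable_auth(config):
    """Return (method_lists, line_bindings, findings) for an FTOS-style config."""
    lists, bindings, findings = {}, {}, []
    current = None                      # the "line ..." block being read, if any
    for raw in config.splitlines():
        text = raw.strip()
        m = re.match(r"aaa authentication enable (\S+)\s+(.+)", text)
        if m:
            lists[m.group(1)] = m.group(2).split()
            current = None
        elif text.startswith("line "):
            current = text[len("line "):]
            bindings[current] = None    # no named list bound yet
        elif current and raw[:1].isspace():
            m = re.match(r"enable authentication (\S+)", text)
            if m:
                bindings[current] = m.group(1)
        else:
            current = None
    for line, name in bindings.items():
        if name is None:
            findings.append(f"{line}: no named enable list, device default applies")
        elif name not in lists:
            findings.append(f"{line}: references undefined list '{name}'")
    return lists, bindings, findings

def required_server_accounts(lists, bindings):
    """Usernames that must exist on remote servers for the lists actually in use."""
    used = {n for n in bindings.values() if n in lists}
    return {SERVER_ACCOUNTS[m] for n in used for m in lists[n] if m in SERVER_ACCOUNTS}

if __name__ == "__main__":
    lists, bindings, findings = audit_enable_auth(SAMPLE_CONFIG)
    print(findings, sorted(required_server_accounts(lists, bindings)))
```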

AAA Authorization

FTOS enables AAA new-model by default. You can set authorization to be either local or remote. Different
combinations of authentication and authorization yield different results. By default, FTOS sets both to
local.

Privilege Levels Overview

Limiting access to the system is one method of protecting the system and your network. However, at times,
you might need to allow others access to the router and you can limit that access to a subset of commands.
In FTOS, you can configure a privilege level for users who need limited access to the system.
Every command in FTOS is assigned a privilege level of 0, 1, or 15. You can configure up to 16 privilege
levels in FTOS. FTOS is pre-configured with three privilege levels and you can configure 13 more. The
three pre-configured levels are:
Privilege level 1—is the default level for EXEC mode. At this level, you can interact with the router,
for example, view some show commands and Telnet and ping to test connectivity, but you cannot
configure the router. This level is often called the "user" level. One of the commands available in
Privilege level 1 is the enable command, which you can use to enter a specific privilege level.
Privilege level 0—contains only the end, enable, and disable commands.
Privilege level 15—the default level for the enable command is the highest level. In this level you can
access any command in FTOS.