Tacacs+ Remote Authentication And Authorization - Dell Force10 S4810P Configuration Manual
High-density, 1ru 48-port 10gbe switch
Hide thumbs
Also See for Force10 S4810P:
- Manual (60 pages) ,
- Quick start manual (27 pages) ,
- Reference manual (1637 pages)
Table of Contents
Advertisement
Figure 43-4. Failed Authentication
(conf)#
FTOS
(conf)#do show run aaa
FTOS
!
aaa authentication enable default tacacs+ enable
aaa authentication enable LOCAL enable tacacs+
aaa authentication login default tacacs+ local
aaa authentication login LOCAL local tacacs+
aaa authorization exec default tacacs+ none
aaa authorization commands 1 default tacacs+ none
aaa authorization commands 15 default tacacs+ none
aaa accounting exec default start-stop tacacs+
aaa accounting commands 1 default start-stop tacacs+
aaa accounting commands 15 default start-stop tacacs+
(conf)#
FTOS
(conf)#do show run tacacs+
FTOS
!
tacacs-server key 7 d05206c308f4d35b
tacacs-server host 10.10.10.10 timeout 1
(conf)#tacacs-server key angeline
FTOS
(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user admin on
FTOS
vty0 (10.11.9.209)
%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password
authentication success on vty0 ( 10.11.9.209 )
%RPM0-P:CP %SEC-5-LOGOUT: Exec session is terminated for user admin on line
vty0 (10.11.9.209)
(conf)#username angeline password angeline
FTOS
(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user angeline
FTOS
on vty0 (10.11.9.209)
%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password
authentication success on vty0 ( 10.11.9.209 )
Monitor TACACS+
To view information on TACACS+ transactions, use the following command in the EXEC Privilege mode:
Command Syntax
debug tacacs+
TACACS+ Remote Authentication and Authorization
FTOS takes the access class from the TACACS+ server. Access class is the class of service that restricts
Telnet access and packet sizes. If you have configured remote authorization, then FTOS ignores the access
class you have configured for the VTY line. FTOS instead gets this access class information from the
TACACS+ server. FTOS needs to know the username and password of the incoming user before it can
fetch the access class from the server. A user, therefore, will at least see the login prompt. If the access
class denies the connection, FTOS closes the Telnet session immediately.
Server key purposely changed to incorrect value
User authenticated using secondary method
Command Mode
Purpose
EXEC Privilege
View TACACS+ transactions to troubleshoot
problems.
Security | 895
Advertisement
Table of Contents
Troubleshooting
