D-Link DGS-3700 Series Reference Manual page 405

DGS-3700 Series Layer 2 Managed Gigabit Ethernet Switch CLI Reference Guide
be listed in an order preferable, and defined by the user for normal user authentication on the Switch, and
may contain up to eight authentication techniques. When a user attempts to access the Switch, the Switch
will select the first technique listed for authentication. If the first technique goes through its server hosts and
no authentication is returned, the Switch will then go to the next technique listed in the server group for
authentication, until the authentication has been verified or denied, or the list is exhausted.
Please note that user granted access to the Switch will be granted normal user privileges on the Switch. To
gain access to admin level privileges, the user must enter the enable admin command, which is only
available for logining in the Switch from the three versions of the TACACS server, and then enter a
password, which was previously configured by the administrator of the Switch.
NOTE: TACACS, XTACACS and TACACS+ are separate entities and are not compatible.
The Switch and the server must be configured exactly the same, using the same protocol. (For
example, if the Switch is set up for TACACS authentication, so must be the host server.)
The Access Authentication Control commands in the Command Line Interface (CLI) are listed (along with
the appropriate parameters) in the following table.
C
OMMAND
enable authen_policy
disable authen_policy
show authen_policy
create authen_login
method_list_name
config authen_login
delete authen_login
method_list_name
show authen_login
create authen_enable
method_list_name
config authen_enable
delete authen_enable
method_list_name
show authen_enable
config authen application
show authen application
create authen server_group
config authen server_group
delete authen server_group
show authen server_group
create authen server_host
config authen server_host
P
ARAMETERS
<string 15>
[default | method_list_name <string 15>] method {tacacs | xtacacs |
tacacs+ | radius | server_group <string 15> | local | none}
<string 15>
[default | method_list_name <string 15> | all]
<string 15>
[default | method_list_name <string 15>] method {tacacs | xtacacs |
tacacs+ | radius | server_group <string 15> | local_enable | none}
<string 15>
[default | method_list_name <string 15> | all]
[console | telnet | ssh | http | all] [login | enable] [default |
method_list_name <string 15>]
<string 15>
[tacacs | xtacacs | tacacs+ | radius | <string 15>] [add | delete] server_host
<ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]
<string 15>
{<string 15>}
<ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int 1-65535>
| key [<key_string 254> | none] | timeout <int 1-255> | retransmit <int
1-20>}
<ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int 1-65535>
| key [<key_string 254> | none] | timeout <int 1-255> | retransmit <int
Page | 405