Specifications
config authen_enable
Purpose Used to configure a user-defined method list of authentication methods for promoting normal user level
privileges to Administrator level privileges on the Switch.
Syntax config authen_enable [default | method_list_name <string 15>] method {tacacs | xtacacs |
tacacs+ | radius | server_group <string 15> | local_enable | none}
Description This command is used to promote users with normal level privileges to Administrator level privileges using
authentication methods on the Switch. Once a user acquires normal user level privileges on the Switch, he or
she must be authenticated by a method on the Switch, as defined by the Administrator, to gain Administrator
privileges. A maximum of eight (8) enable method lists can be implemented on the Switch.
The sequence of methods implemented in this command will affect the authentication result. For example, if a
user enters a sequence of methods like tacacs – xtacacs – local_enable, the Switch will send an authentication
request to the first tacacs host in the server group. If no verification is found, the Switch will send an
authentication request to the second tacacs host in the server group and so on, until the list is exhausted. At
that point, the Switch will restart the same sequence with the following protocol listed, xtacacs. If no
authentication takes place using the xtacacs list, the local_enable password set in the Switch is used to
authenticate the user.
Successful authentication using any of these methods will give the user an “Admin” privilege.
Parameters default – The default method list for administration rights authentication, as defined by the user. The user may
choose one or a combination of up to four (4) of the following authentication methods:
  tacacs – Adding this parameter will require the user to be authenticated using the TACACS protocol
  from the remote TACACS server hosts of the TACACS server group list.
  xtacacs – Adding this parameter will require the user to be authenticated using the XTACACS
  protocol from the remote XTACACS server hosts of the XTACACS group list.
  tacacs+ – Adding this parameter will require the user to be authenticated using the TACACS+
  protocol from the remote TACACS+ server hosts of the TACACS+ server group list.
  radius – Adding this parameter will require the user to be authenticated using the RADIUS
  protocol from a remote RADIUS server previously implemented on the Switch.
  server_group <string 15> – Adding this parameter will require the user to be authenticated using
  a user-defined server group previously configured on the Switch.
  local_enable – Adding this parameter will require the user to be authenticated using the local user
  account database on the Switch.
  none – Adding this parameter will require no authentication to access the Switch.
method_list_name – Enter a previously implemented method list name defined by the user (create
authen_enable). The user may add one, or a combination of up to four (4) of the following authentication
methods to this method list:
  tacacs – Adding this parameter will require the user to be authenticated using the TACACS protocol
  from a remote TACACS server.
  xtacacs – Adding this parameter will require the user to be authenticated using the XTACACS
  protocol from a remote XTACACS server.
  tacacs+ – Adding this parameter will require the user to be authenticated using the TACACS+
  protocol from a remote TACACS+ server.
  radius – Adding this parameter will require the user to be authenticated using the RADIUS
  protocol from a remote RADIUS server previously implemented on the Switch.
  server_group <string 15> – Adding this parameter will require the user to be authenticated
  using a user-defined server group previously configured on the Switch.
  local_enable – Adding this parameter will require the user to be authenticated using the local user
  account database on the Switch. The local enable password of the device can be configured using
  the “config admin local_password” command.
  none – Adding this parameter will require no authentication to access the Switch.
Restrictions Only administrator-level users can issue this command.
Example usage:
To configure the user defined method list “Trinity” with authentication methods TACACS, XTACACS and local, in that order:
AT-9724TS:4# config authen_enable method_list_name Trinity
method tacacs xtacacs local
Command: config authen_enable method_list_name Trinity
method tacacs xtacacs local
Success.
AT-9724TS:4#
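The following is an added example, not part of the manual: a Python audit of enable method lists in a saved configuration, flagging lists that contain none, list more than four methods, or use a name longer than 15 characters. It assumes each command occupies one line in the exported configuration; the function names, finding labels and sample lines are constructed for illustration.

```python
MAX_METHODS = 4    # "up to four (4)" methods per list, per the manual
MAX_NAME_LEN = 15  # <string 15> in the syntax line

def parse_authen_enable(line):
    """Return (list_name, methods) for a 'config authen_enable' line, else None."""
    tok = line.split()
    if tok[:3] == ["config", "authen_enable", "default"]:
        name, rest = "default", tok[3:]
    elif tok[:3] == ["config", "authen_enable", "method_list_name"] and len(tok) > 3:
        name, rest = tok[3], tok[4:]
    else:
        return None
    if rest[:1] != ["method"]:
        return None
    methods, i = [], 1
    while i < len(rest):
        if rest[i] == "server_group" and i + 1 < len(rest):  # name follows; pair is one method
            methods.append("server_group " + rest[i + 1])
            i += 2
        else:
            methods.append(rest[i])
            i += 1
    return name, methods

def audit(config_text):
    """Return (line_no, list_name, finding) tuples for risky enable method lists."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        parsed = parse_authen_enable(line)
        if parsed is None:
            continue
        name, methods = parsed
        if "none" in methods:  # manual: 'none' requires no authentication
            findings.append((n, name, "contains-none"))
        if len(methods) > MAX_METHODS:
            findings.append((n, name, "too-many-methods"))
        if len(name) > MAX_NAME_LEN:
            findings.append((n, name, "name-too-long"))
    return findings

# Constructed sample configuration (assumed one command per line, not from a real switch)
SAMPLE = """\
config authen_enable default method tacacs+ local_enable
config authen_enable method_list_name Trinity method tacacs xtacacs local_enable
config authen_enable method_list_name lab method radius none
config authen_enable method_list_name big method tacacs xtacacs tacacs+ server_group ops local_enable
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Because a successful result from any method in the list yields Admin privilege, a list that reaches none is the finding to review first.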
Allied Telesyn AT-9724TS High-Density Layer 3 Stackable Gigabit Ethernet Switch • Command Line Interface Reference Manual