Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch

821

822

823

824

825

826

827

828

829

830

Rate-limiting RADIUS packets

NAS enables you to allow or reject RADIUS dynamic authorization packets based on the rate-limiting value that you specify.

NAS lets you to configure number of RADIUS dynamic authorization packets allowed per minute. The default value is 30 packets per

minute. NAS discards the packets, if the number of RADIUS dynamic authorization packets in the current interval cross the configured

rate-limit value.

Enter the following command to configure rate-limiting:

rate-limit number

NAS considers the rate limit change value from the next interval period. The range is from 10 to 60 packets per minute. The default is 30

packets per minute.

Dell(conf-dynamic-auth#)rate-limit 50

Configuring time-out value

You can configure a time-out value for the back-end task to respond to CoA or DM requests.

This setting enables the DAS to determine the amount of time to wait before a back-end response is received. The default value is 10

minutes.

Enter the following command to configure the time-out value:

da-rsp-timeout value

Dell(conf-dynamic-auth#)da-rsp-timeout 20

TACACS+

The system supports terminal access controller access control system (TACACS+ client, including support for login authentication.

Configuration Task List for TACACS+

The following list includes the configuration task for TACACS+ functions.

• Choosing TACACS+ as the Authentication Method

• Monitoring TACACS+

• TACACS+ Remote Authentication and Authorization

• Specifying a TACACS+ Server Host

For a complete listing of all commands related to TACACS+, refer to the Security chapter in the Dell Networking OS Command Reference

Guide.

Choosing TACACS+ as the Authentication Method

One of the login authentication methods available is TACACS+ and the user’s name and password are sent for authentication to the

TACACS hosts specified.

To use TACACS+ to authenticate users, specify at least one TACACS+ server for the system to communicate with and configure

TACACS+ as one of your authentication methods.

To select TACACS+ as the login authentication method, use the following commands.

1. Configure a TACACS+ server host.

CONFIGURATION mode

tacacs-server host {ip-address | host}

Enter the IP address or host name of the TACACS+ server.

Use this command multiple times to configure multiple TACACS+ server hosts.

2. Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the TACAS+ authentication method.

CONFIGURATION mode

aaa authentication login {method-list-name | default} tacacs+ [...method3]

The TACACS+ method must not be the last method specified.

3. Enter LINE mode.

822

Security