Deployment Guide
• RADIUS — When using RADIUS authentication, Dell Networking OS sends an authentication packet with the following:
Username: $enab15$
Password: <password-entered-by-user>
Therefore, the RADIUS server must have an entry for this username.
Conguring Re-Authentication
Starting from Dell Networking OS 9.11(0.0), the system enables re-authentication of user whenever there is a change in the authenticators.
The change in authentication happens when:
• Add or remove an authentication server (RADIUS/TACACS+)
• Modify an AAA authentication/authorization list
• Change to role-only (RBAC) mode
The re-authentication is also applicable for authenticated 802.1x devices. When there is a change in the authetication servers, the
supplicants connected to all the ports are forced to re-authenticate.
1 Enable the re-authentication mode.
CONFIGURATION mode
aaa reauthentication enable
2 You are prompted to force the users to re-authenticate while adding or removing a RADIUS/TACACS+ server.
CONFIGURATION mode
aaa authentication login method-list-name
Example:
Dell(config)#aaa authentication login vty_auth_list radius
Force all logged-in users to re-authenticate (y/n)?
3 You are prompted to force the users to re-authenticate whenever there is a change in the RADIUS server list..
CONFIGURATION mode
radius-server host IP Address
Example:
Dell(config)#radius-server host 192.100.0.12
Force all logged-in users to re-authenticate (y/n)?
Dell(config)#no radius-server host 192.100.0.12
Force all logged-in users to re-authenticate (y/n)?
AAA Authorization
The Dell Networking OS enables AAA new-model by default.
You can set authorization to be either local or remote. Dierent combinations of authentication and authorization yield dierent results.
By default, the system sets both to local.
Security
699