Reference Guide

To select TACACS as the login authentication method, use these commands in the following sequence in
the CONFIGURATION mode:

Step 1
  Command Syntax: tacacs-server host {ipv4-address | ipv6-address | host}
  Command Mode:   CONFIGURATION
  Purpose:        Configure a TACACS+ server host. Enter the IP address or host name of the
                  TACACS+ server. Use this command multiple times to configure multiple
                  TACACS+ server hosts.

Step 2
  Command Syntax: aaa authentication login {method-list-name | default} tacacs+ [...method3]
  Command Mode:   CONFIGURATION
  Purpose:        Enter a text string (up to 16 characters long) as the name of the method
                  list you wish to use with the TACACS+ authentication method. The tacacs+
                  method should not be the last method specified.

Step 3
  Command Syntax: line {aux 0 | console 0 | vty number [end-number]}
  Command Mode:   CONFIGURATION
  Purpose:        Enter the LINE mode.

Step 4
  Command Syntax: login authentication {method-list-name | default}
  Command Mode:   LINE
  Purpose:        Assign the method-list to the terminal line.

To view the configuration, use the show config command in the LINE mode or the
show running-config tacacs+ command in the EXEC Privilege mode.

If authentication fails using the primary method, FTOS employs the second method (or third method, if
necessary) automatically. For example, if the TACACS+ server is reachable, but the server key is invalid,
FTOS proceeds to the next authentication method. In the following example, the TACACS+ server key is
incorrect, but the user is still authenticated by the secondary method.

FTOS(conf)#
FTOS(conf)#do show run aaa
!
aaa authentication enable default tacacs+ enable
aaa authentication enable LOCAL enable tacacs+
aaa authentication login default tacacs+ local
aaa authentication login LOCAL local tacacs+
aaa authorization exec default tacacs+ none
aaa authorization commands 1 default tacacs+ none
aaa authorization commands 15 default tacacs+ none
aaa accounting exec default start-stop tacacs+
aaa accounting commands 1 default start-stop tacacs+
aaa accounting commands 15 default start-stop tacacs+
FTOS(conf)#
FTOS(conf)#do show run tacacs+
!
tacacs-server key 7 d05206c308f4d35b
tacacs-server host 10.10.10.10 timeout 1
FTOS(conf)#tacacs-server key angeline
FTOS(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user admin on vty0 (10.11.9.209)
%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on vty0 ( 10.11.9.209 )
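
The following Python check is an added example, not part of the FTOS guide. It applies the guide's two rules for method lists (tacacs+ should not be the last method, and the list name is at most 16 characters) to the aaa authentication lines of a saved running-config. Applying the first rule to enable lists as well as login lists, and all function names, are assumptions of this example.

```python
import re

# Constructed sample: AAA lines copied from the "show run aaa" output in this section.
SAMPLE_CONFIG = """\
aaa authentication enable default tacacs+ enable
aaa authentication enable LOCAL enable tacacs+
aaa authentication login default tacacs+ local
aaa authentication login LOCAL local tacacs+
aaa authorization exec default tacacs+ none
aaa accounting exec default start-stop tacacs+
"""

# Matches: aaa authentication {login|enable} <list-name> <method> [method ...]
AUTH_LINE = re.compile(r"^aaa authentication (login|enable)\s+(\S+)\s+(.+)$")
MAX_LIST_NAME = 16  # name length limit stated in the procedure


def parse_method_lists(config_text):
    """Return {(kind, list_name): [methods in order]} for authentication lines."""
    lists = {}
    for raw in config_text.splitlines():
        match = AUTH_LINE.match(raw.strip())
        if match:
            kind, name, methods = match.groups()
            lists[(kind, name)] = methods.split()
    return lists


def audit_method_lists(config_text):
    """Return (kind, list_name, problem) tuples, sorted by kind and name."""
    findings = []
    for (kind, name), methods in sorted(parse_method_lists(config_text).items()):
        if len(name) > MAX_LIST_NAME:
            findings.append((kind, name, "list name longer than 16 characters"))
        # A list ending in tacacs+ has no method left to try after TACACS+.
        if methods[-1] == "tacacs+":
            findings.append((kind, name, "tacacs+ is the last method"))
    return findings


if __name__ == "__main__":
    for kind, name, problem in audit_method_lists(SAMPLE_CONFIG):
        print(f"aaa authentication {kind} {name}: {problem}")
```

Run against the sample, the two default lists pass and the two lists named LOCAL are reported, because each of them ends in tacacs+.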