Reference Guide

www.dell.com | support.dell.com
%RPM0-P:CP %SEC-5-LOGOUT: Exec session is terminated for user admin on line vty0 (10.11.9.209)
FTOS(conf)#username angeline password angeline
FTOS(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user angeline on vty0 (10.11.9.209)
%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on vty0 ( 10.11.9.209 )
Monitor TACACS+
To view information on TACACS+ transactions, use the following command in the EXEC Privilege mode:
TACACS+ Remote Authentication and Authorization
FTOS takes the access class from the TACACS+ server. Access class is the class of service that restricts
Telnet access and packet sizes. If you have configured remote authorization, then FTOS ignores the access
class you have configured for the VTY line. FTOS instead gets this access class information from the
TACACS+ server. FTOS needs to know the username and password of the incoming user before it can
fetch the access class from the server. A user, therefore, will at least see the login prompt. If the access
class denies the connection, FTOS closes the Telnet session immediately.
The following example demonstrates how to configure the access-class from a TACACS+ server. This
causes the configured access-class on the VTY line to be ignored. If you have configured a deny10 ACL
on the TACACS+ server, FTOS downloads it and applies it. If the user is found to be coming from the
10.0.0.0 subnet, FTOS also immediately closes the Telnet connection. Note that no matter where the user
is coming from, they see the login prompt.
FTOS#
FTOS(conf)#
FTOS(conf)#ip access-list standard deny10
FTOS(conf-ext-nacl)#permit 10.0.0.0/8
FTOS(conf-ext-nacl)#deny any
FTOS(conf)#
FTOS(conf)#aaa authentication login tacacsmethod tacacs+
FTOS(conf)#aaa authorization exec tacacsauthorization tacacs+
FTOS(conf)#tacacs-server host 25.1.1.2 key force10
FTOS(conf)#
FTOS(conf)#line vty 0 9
FTOS(config-line-vty)#login authentication tacacsmethod
FTOS(config-line-vty)#authorization exec tacacsauthorization
FTOS(config-line-vty)#
FTOS(config-line-vty)#access-class deny10
FTOS(config-line-vty)#end
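The following Python audit is an added example, not part of the Dell guide. It reads a captured FTOS session and reports the two conditions this section turns on: a VTY access-class that FTOS ignores because remote authorization is configured, and a method list referenced on a VTY line but never defined. The sample session is constructed, the name audit_vty and the finding texts are assumptions of this example, and the second check assumes a VTY line should only reference a list that an aaa command defines.

```python
import re

# Constructed session modelled on the page's example. On vty 5 9 the list name
# "tacauthor" is deliberately undefined so the second check has a finding.
SAMPLE = """\
FTOS(conf)#aaa authentication login tacacsmethod tacacs+
FTOS(conf)#aaa authorization exec tacacsauthorization tacacs+
FTOS(conf)#line vty 0 4
FTOS(config-line-vty)#login authentication tacacsmethod
FTOS(config-line-vty)#authorization exec tacacsauthorization
FTOS(config-line-vty)#access-class deny10
FTOS(config-line-vty)#exit
FTOS(conf)#line vty 5 9
FTOS(config-line-vty)#authorization exec tacauthor
FTOS(config-line-vty)#end
"""

PROMPT = re.compile(r"^[^#\s]*#\s*")  # strips "FTOS(conf)#" style prompts
DEFINE = re.compile(r"^aaa (?:authentication|authorization) (login|exec) (\S+) (.+)$")
VTY_REF = re.compile(r"^(?:login authentication|authorization (exec)) (\S+)$")


def audit_vty(session):
    """Return findings for every 'line vty' block in an FTOS CLI session."""
    defined, blocks, vty = {}, [], None
    for raw in session.splitlines():
        cmd = PROMPT.sub("", raw).strip()
        if m := DEFINE.match(cmd):
            defined[(m.group(1), m.group(2))] = m.group(3).split()
        elif cmd.startswith("line vty"):
            vty = {"line": cmd, "refs": [], "acl": None}
            blocks.append(vty)
        elif cmd in ("end", "exit"):
            vty = None
        elif vty and (m := VTY_REF.match(cmd)):
            vty["refs"].append((m.group(1) or "login", m.group(2)))
        elif vty and cmd.startswith("access-class "):
            vty["acl"] = cmd.split()[1]
    findings = []
    for b in blocks:
        for kind, name in b["refs"]:
            methods = defined.get((kind, name))
            if methods is None:
                findings.append(f"{b['line']}: {kind} method list '{name}' is not defined")
            elif kind == "exec" and "tacacs+" in methods and b["acl"]:
                # Per the page: with remote authorization, the VTY access class is ignored.
                findings.append(f"{b['line']}: local access-class '{b['acl']}' is ignored; "
                                "the TACACS+ server supplies the access class")
    return findings
```

Calling audit_vty(SAMPLE) returns one finding per VTY block; a block with only a local access-class and no remote authorization returns none.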
When configuring a TACACS+ server host, you can set different communication parameters, such as the
key password.
Command Syntax | Command Mode | Purpose
debug tacacs+ | EXEC Privilege | View TACACS+ transactions to troubleshoot problems.