Quick Reference Guide

Chapter 9: Providing User Access Security
This chapter contains the following major sections:
Choosing a TACACS+ Server and Authentication Method
Configuring TACACS+ Server Connection Options
Configuring a RADIUS Connection
Enabling Secure Management with SSH
SFTOS supports several methods for securing user access to the switch, including local authentication
(see Creating a User and Password on page 36), port security (IEEE 802.1X) through RADIUS and Terminal
Access Controller Access Control System (TACACS+), and an encrypted transport session (between the
management station and switch) using Secure Shell (SSH). This chapter describes how to configure each of
those methods. For more on port security configuration (including MD5), see the Security deck of the
S-Series Training slides, which are on the S-Series Documentation CD-ROM.
Choosing a TACACS+ Server and Authentication Method
To use TACACS+ to authenticate users, you specify at least one TACACS+ server with which the S-Series
will communicate, then identify TACACS+ as one of your authentication methods. To select TACACS as
the login authentication method, use the following command sequence:
| Step | Command Syntax | Command Mode | Purpose |
|------|----------------|--------------|---------|
| 1 | tacacs-server host ip-address | Global Config | Configure a TACACS+ server host. Enter the IP address or host name of the TACACS+ server. You can use this command multiple times to configure multiple TACACS+ server hosts. |
| 1 | exit | TACACS Config | Return to Global Config mode. Alternatively, while you are still in TACACS Config mode, you can set values for server-specific parameters, such as priority, key, and timeout. See Configuring TACACS+ Server Connection Options on page 137. |
| 2 | authentication login listname {method1 [method2 [method3]]} | Global Config | Create a method-list name and specify that TACACS is one method for login authentication. |
| 3 | users defaultlogin listname | Global Config | Assign a method list to use to authenticate non-configured users when they attempt to log in to the system. |
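The three steps above only take effect together, so a saved configuration can be checked for a missing or mismatched step. The following is an added example, not part of the original guide or of SFTOS: a small audit over configuration text. The sample address, the list name mgmtList, and the method keywords "tacacs" and "local" are assumptions for illustration.

```python
# Constructed sample configuration. The address, the list name and the method
# keywords "tacacs" and "local" are assumptions, not taken from the guide.
SAMPLE_CONFIG = """\
tacacs-server host 192.0.2.10
exit
authentication login mgmtList tacacs local
users defaultlogin mgmtList
"""


def audit_tacacs_login(config_text, tacacs_keyword="tacacs"):
    """Return a list of findings; an empty list means a server host, a method
    list that uses TACACS, and a default-login assignment to it all exist."""
    hosts = []           # servers named by "tacacs-server host"
    lists = {}           # method-list name -> ordered methods
    default_list = None  # list assigned by "users defaultlogin"

    for raw in config_text.splitlines():
        words = raw.split()
        if len(words) < 3:
            continue
        if words[:2] == ["tacacs-server", "host"]:
            hosts.append(words[2])
        elif words[:2] == ["authentication", "login"]:
            lists[words[2]] = words[3:]
        elif words[:2] == ["users", "defaultlogin"]:
            default_list = words[2]

    findings = []
    if not hosts:
        findings.append("no tacacs-server host configured")
    if not any(tacacs_keyword in methods for methods in lists.values()):
        findings.append("no authentication login list includes TACACS")
    if default_list is None:
        findings.append("no method list assigned with users defaultlogin")
    elif default_list not in lists:
        findings.append(f"users defaultlogin names undefined list {default_list!r}")
    elif tacacs_keyword not in lists[default_list]:
        findings.append(f"default login list {default_list!r} does not use TACACS")
    return findings


if __name__ == "__main__":
    for finding in audit_tacacs_login(SAMPLE_CONFIG) or ["configuration is consistent"]:
        print(finding)
```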