Users Guide

ManualsBrandsDell ManualsAccess PlatformsNetworking S3100 Series

691

692

693

694

695

696

697

698

699

700

To view the TACACS+ configuration, use the show running-config tacacs+ command in EXEC Privilege mode.

To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command.

freebsd2# telnet 2200:2200:2200:2200:2200::2202

Trying 2200:2200:2200:2200:2200::2202...

Connected to 2200:2200:2200:2200:2200::2202.

Escape character is '^]'.

Password:

Dell#

Command Authorization

The AAA command authorization feature configures Dell Networking OS to send each configuration command to a TACACS

server for authorization before it is added to the running configuration.

By default, the AAA authorization commands configure the system to check both EXEC mode and CONFIGURATION mode

commands. Use the no aaa authorization config-commands command to enable only EXEC mode command

checking.

If rejected by the AAA server, the command is not added to the running config, and a message displays:

04:07:48: %RPM0-P:CP %SEC-3-SEC_AUTHORIZATION_FAIL: Authorization failure Command

authorization failed for user (denyall) on vty0 ( 10.11.9.209 )

Certain TACACS+ servers do not authenticate the device if you use the aaa authorization commands level default

local tacacs+

command. To resolve the issue, use the aaa authorization commands level default tacacs+

local command.

Protection from TCP Tiny and Overlapping

Fragment Attacks

Tiny and overlapping fragment attack is a class of attack where configured ACL entries — denying TCP port-specific traffic — is

bypassed and traffic is sent to its destination although denied by the ACL.

RFC 1858 and 3128 proposes a countermeasure to the problem. This countermeasure is configured into the line cards and

enabled by default.

Enabling SCP and SSH

Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. Dell

Networking OS is compatible with SSH versions 1.5 and 2, in both the client and server modes. SSH sessions are encrypted and

use authentication. SSH is enabled by default.

For details about the command syntax, refer to the Security chapter in the Dell Networking OS Command Line Interface

Reference Guide.

Dell Networking OS SCP, which is a remote file copy program that works with SSH.

NOTE

: The Windows-based WinSCP client software is not supported for secure copying between a PC and a Dell

Networking OS-based system. Unix-based SCP client software is supported.

To use the SSH client, use the following command.

• Open an SSH connection and specify the hostname, username, port number,encryption cipher,HMAC algorithm and

version of the SSH client.

EXEC Privilege mode

Security 697