Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsNetworking S3100 Series
831832833834835836837838839840
To view the TACACS+ configuration, use the show running-config tacacs+ command in EXEC Privilege
mode.
To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address}
command.
freebsd2# telnet 2200:2200:2200:2200:2200::2202
Trying 2200:2200:2200:2200:2200::2202...
Connected to 2200:2200:2200:2200:2200::2202.
Escape character is '^]'.
Login: admin
Password:
Dell#
Dell#
Command Authorization
The AAA command authorization feature configures Dell Networking OS to send each configuration
command to a TACACS server for authorization before it is added to the running configuration.
By default, the AAA authorization commands configure the system to check both EXEC mode and
CONFIGURATION mode commands. Use the no aaa authorization config-commands command to
enable only EXEC mode command checking.
If rejected by the AAA server, the command is not added to the running config, and a message displays:
04:07:48: %RPM0-P:CP %SEC-3-SEC_AUTHORIZATION_FAIL: Authorization failure Command
authorization failed for user (denyall) on vty0 ( 10.11.9.209 )
Certain TACACS+ servers do not authenticate the device if you use the aaa authorization commands
level default local tacacs+ command. To resolve the issue, use the aaa authorization
commands level default tacacs+ local command.
Protection from TCP Tiny and
Overlapping Fragment Attacks
Tiny and overlapping fragment attack is a class of attack where configured ACL entries — denying TCP port-
specific traffic — is bypassed and traffic is sent to its destination although denied by the ACL.
RFC 1858 and 3128 proposes a countermeasure to the problem. This countermeasure is configured into the
line cards and enabled by default.
Enabling SCP and SSH
Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure
network. Dell Networking OS is compatible with SSH versions 1.5 and 2, in both the client and server modes.
SSH sessions are encrypted and use authentication. SSH is enabled by default.
For details about the command syntax, refer to the Security chapter in the Dell Networking OS Command
Line Interface Reference Guide
.
Security 835