Concept Guide
TACACS+
Dell Networking OS supports a terminal access controller access control system (TACACS+) client, including support for login authentication.
Configuration Task List for TACACS+
The following list includes the configuration tasks for TACACS+ functions.
• Choosing TACACS+ as the Authentication Method
• Monitoring TACACS+
• TACACS+ Remote Authentication
• Specifying a TACACS+ Server Host
For a complete listing of all commands related to TACACS+, refer to the Security chapter in the Dell Networking OS Command Reference
Guide.
Choosing TACACS+ as the Authentication Method
TACACS+ is one of the available login authentication methods. The user’s name and password are sent for authentication to the
TACACS hosts specified.
To use TACACS+ to authenticate users, specify at least one TACACS+ server for the system to communicate with and configure TACACS+
as one of your authentication methods.
To select TACACS+ as the login authentication method, use the following commands.
1 Configure a TACACS+ server host.
CONFIGURATION mode
tacacs-server host {ip-address | host}
Enter the IP address or host name of the TACACS+ server.
Use this command multiple times to configure multiple TACACS+ server hosts.
2 Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the TACACS+ authentication method.
CONFIGURATION mode
aaa authentication login {method-list-name | default} tacacs+ [...method3]
The TACACS+ method must not be the last method specified.
3 Enter LINE mode.
CONFIGURATION mode
line {aux 0 | console 0 | vty number [end-number]}
4 Assign the method-list to the terminal line.
LINE mode
login authentication {method-list-name | default}
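An added example, not part of the Dell guide: a short Python check that audits a saved running-config against the rules stated in the steps above (at least one TACACS+ server host, method-list names of up to 16 characters, TACACS+ not the last method, and every terminal line pointing at a defined method list). The sample configuration, its addresses and list names are constructed, and the layout it expects (one command per line, LINE mode commands following their line statement) is an assumption.

```python
import re

# Constructed sample running-config (not from the guide); names and addresses are placeholders.
SAMPLE_CONFIG = """\
tacacs-server host 192.0.2.10
tacacs-server host 192.0.2.11
aaa authentication login tacacsmethod tacacs+ local
aaa authentication login badlist local tacacs+
line vty 0 9
 login authentication tacacsmethod
line console 0
 login authentication missinglist
"""

def audit_tacacs(config):
    """Return findings for the TACACS+ login rules described in this section."""
    findings = []
    hosts = re.findall(r"^tacacs-server host (\S+)", config, re.M)
    lists = {}  # method-list name -> ordered list of methods
    for name, methods in re.findall(r"^aaa authentication login (\S+) (.+)$", config, re.M):
        lists[name] = methods.split()
    uses_tacacs = False
    for name, methods in lists.items():
        if name != "default" and len(name) > 16:
            findings.append(f"{name}: method-list name longer than 16 characters")
        if "tacacs+" in methods:
            uses_tacacs = True
            if methods[-1] == "tacacs+":
                findings.append(f"{name}: tacacs+ is the last method specified")
    if uses_tacacs and not hosts:
        findings.append("tacacs+ is used but no tacacs-server host is configured")
    # Every terminal line must reference a method list that actually exists.
    line = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            line = raw.strip()
        m = re.match(r"\s*login authentication (\S+)", raw)
        if m and line and m.group(1) != "default" and m.group(1) not in lists:
            findings.append(f"{line}: method list {m.group(1)} is not defined")
    return findings

if __name__ == "__main__":
    for finding in audit_tacacs(SAMPLE_CONFIG):
        print(finding)
```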
Example of a Failed Authentication
To view the configuration, use the show config command in LINE mode or the show running-config tacacs+ command in EXEC Privilege
mode.
If authentication fails using the primary method, Dell Networking OS employs the second method (or third method, if necessary)
automatically. The fallback to the second method would happen only if the authentication failure is due to a non-reachable server or invalid