Addendum

1. Enable RADIUS and set up TACACS as backup.

CONFIGURATION mode

aaa authentication enable default radius tacacs

2. Establish a host address and password.

CONFIGURATION mode

radius-server host x.x.x.x key some-password

3. Establish a host address and password.

CONFIGURATION mode

tacacs-server host x.x.x.x key some-password

To get enable authentication from the RADIUS server and use TACACS as a backup, issue the

To use local authentication for enable secret on the console, while using remote authentication on

VTY lines, issue the following commands.

Example of Enabling Local Authentication for the Console and Remote Authentication for VTY Lines

FTOS(config)# aaa authentication enable mymethodlist radius tacacs

FTOS(config)# line vty 0 9

FTOS(config-line-vty)# enable authentication mymethodlist

Server-Side Configuration

• TACACS+ — When using TACACS+, Dell Networking sends an initial packet with service type

SVC_ENABLE, and then sends a second packet with just the password. The TACACS server must have

an entry for username $enable$.

Remote authentication dial-in user service (RADIUS) is a distributed client/server protocol.

This protocol transmits authentication, authorization, and configuration information between a central

RADIUS server and a RADIUS client (the Dell Networking system). The system sends user information to

the RADIUS server and requests authentication of the user and password. The RADIUS server returns one

of the following responses:

• Access-Accept — the RADIUS server authenticates the user.