Manualshelf

Deployment Guide

ManualsBrandsDell ManualsComputer equipmentPowerEdge M IO Aggregator
181182183184185186187188189190
Enabling AAA Authentication — RADIUS
To enable authentication from the RADIUS server, and use TACACS as a backup, use the following commands.
1 Enable RADIUS and set up TACACS as backup.
CONFIGURATION mode
aaa authentication enable default radius tacacs
2 Establish a host address and password.
CONFIGURATION mode
radius-server host x.x.x.x key some-password
3 Establish a host address and password.
CONFIGURATION mode
tacacs-server host x.x.x.x key some-password
To get enable authentication from the RADIUS server and use TACACS as a backup, issue the following commands.
Example of Enabling Authentication from the RADIUS Server
Dell(config)# aaa authentication enable default radius tacacs
Radius and TACACS server has to be properly setup for this.
Dell(config)# radius-server host x.x.x.x key <some-password>
Dell(config)# tacacs-server host x.x.x.x key <some-password>
To use local authentication for enable secret on the console, while using remote authentication on VTY lines, issue the following
commands.
Example of Enabling Local Authentication for the Console and Remote Authentication for VTY Lines
Dell(config)# aaa authentication enable mymethodlist radius tacacs
Dell(config)# line vty 0 9
Dell(config-line-vty)# enable authentication mymethodlist
Server-Side Conguration
TACACS+ — When using TACACS+, Dell Networking OS sends an initial packet with service type SVC_ENABLE, and then sends a
second packet with just the password. The TACACS server must have an entry for username $enable$.
RADIUS — When using RADIUS authentication, Dell Networking OS sends an authentication packet with the following:
Username: $enab15$
Password: <password-entered-by-user>
Therefore, the RADIUS server must have an entry for this username.
Conguring Re-Authentication
Starting from Dell EMC Networking OS 9.11(0.0), the system enables re-authentication of user whenever there is a change in the
authenticators.
The change in authentication happens when:
Add or remove an authentication server (RADIUS/TACACS+)
Modify an AAA authentication/authorization list
Change to role-only (RBAC) mode
Security
189