Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4048T-ON

761

762

763

764

765

766

767

768

769

770

3. Enter LINE mode.

CONFIGURATION mode

line {aux 0 | console 0 | vty number [end-number]}

4. Assign the method-list to the terminal line.

LINE mode

To view the configuration, use the show config in LINE mode or the show running-config tacacs+ command in EXEC

Privilege mode.

If authentication fails using the primary method, Dell EMC Networking OS employs the second method (or third method, if necessary)

automatically. The fallback to the second method would happen only if the authentication failure is due to a non-reachable server or invalid

TACACS server key. The fallback would not occur if the authentication failure is due to invalid credentials. For example, if the TACACS+

server is reachable, but the server key is invalid, Dell EMC Networking OS proceeds to the next authentication method. In the following

example, the TACACS+ is incorrect, but the user is still authenticated by the secondary method.

First bold line: Server key purposely changed to incorrect value.

Second bold line: User authenticated using the secondary method.

DellEMC(conf)#

DellEMC(conf)#do show run aaa

aaa authentication enable default tacacs+ enable

aaa authentication enable LOCAL enable tacacs+

aaa authentication login default tacacs+ local

aaa authentication login LOCAL local tacacs+

aaa authorization exec default tacacs+ none

aaa authorization commands 1 default tacacs+ none

aaa authorization commands 15 default tacacs+ none

aaa accounting exec default start-stop tacacs+

aaa accounting commands 1 default start-stop tacacs+

aaa accounting commands 15 default start-stop tacacs+

DellEMC(conf)#

DellEMC(conf)#do show run tacacs+

tacacs-server key 7 d05206c308f4d35b

tacacs-server host 10.10.10.10 timeout 1

DellEMC(conf)#tacacs-server key angeline

DellEMC(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user admin on

vty0 (10.11.9.209)

%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password

authentication success on vty0 ( 10.11.9.209 )

%RPM0-P:CP %SEC-5-LOGOUT: Exec session is terminated for user admin on line

vty0 (10.11.9.209)

DellEMC(conf)#username angeline password angeline

DellEMC(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user angeline

on vty0 (10.11.9.209)

%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password

authentication success on vty0 ( 10.11.9.209 )

Monitoring TACACS+

To view information on TACACS+ transactions, use the following command.

• View TACACS+ transactions to troubleshoot problems.

EXEC Privilege mode

debug tacacs+

TACACS+ Remote Authentication

The system takes the access class from the TACACS+ server. Access class is the class of service that restricts Telnet access and packet

sizes.

If you have configured remote authorization, the system ignores the access class you have configured for the VTY line and gets this

access class information from the TACACS+ server. The system must know the username and password of the incoming user before it

can fetch the access class from the server. A user, therefore, at least sees the login prompt. If the access class denies the connection, the

766

Security