Reference Guide
The authentication methods in the method list are executed in the order in which they are configured. You can re-enter the methods to
change the order. If a console user logs in with RADIUS authentication, the privilege level applies from the RADIUS server if you configured
the privilege level for that user in RADIUS.
NOTE: You must configure the group name (level) on the RADIUS server using the vendor-specific attribute or the
authentication fails.
• Configure the AAA authentication method in CONFIGURATION mode.
aaa authentication [local | radius]
• local — Use the username and password database defined in the local configuration.
• radius — (Optional) Use the RADIUS servers configured with the radius-server host command as the primary
authentication method.
Configure AAA authentication
OS10(config)# aaa authentication radius local
Role-based access control
RBAC provides control for access and authorization. Users are granted permissions based on defined roles — not on their individual system
user ID. Create user roles based on job functions to help users perform their associated job function. You can assign each user only a single
role, and many users can have the same role. When you enter a user role, you are authenticated and authorized. You do not need to enter
an enable password because you are automatically placed in EXEC mode.
OS10 supports the constrained RBAC model. With this model, you can inherit permissions when you create a new user role, restrict or add
commands a user can enter, and set the actions the user can perform. This allows greater flexibility when assigning permissions for each
command to each role. Using RBAC is an easier and more efficient way to administer user rights. If a user’s role matches one of the allowed user
roles for that command, command authorization is granted.
A constrained RBAC model provides separation of duty as well as greater security. A constrained model places some limitations on each
role’s permissions to allow you to partition tasks. Some inheritance is possible. For greater security, only some user roles can view events,
audits, and security system logs.
RADIUS server host
When configuring a RADIUS server host, you can set different communication parameters, such as a user datagram protocol (UDP) port,
key password, number of retries, and timeout.
• Enter the host name or IP address of the RADIUS server host in CONFIGURATION mode.
radius-server host [hostname | ip-address] [auth-port port-number | key authentication-key]
The default RADIUS authentication port is 1812.
To configure multiple RADIUS server hosts, enter the radius-server host command multiple times. If you configure multiple
RADIUS server hosts, OS10 attempts to connect with them in the order you configured them. When the system attempts to authenticate a
user, the software connects with the RADIUS server hosts one at a time, until a RADIUS server host responds with an accept or reject
response.
If you want to change an optional parameter setting for a specific host, use the radius-server host command.
Configure RADIUS server host
OS10(config)# radius-server host 1.2.4.5
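The two ordering rules on this page (methods in the aaa authentication list are tried in configured order; RADIUS hosts are contacted in configured order until one answers with an accept or reject) are easy to misread when troubleshooting a lockout. The following Python model is an added illustration, not OS10 code and not from the guide: it represents a configuration as data, renders the equivalent CLI lines in the syntax shown above, and traces which host or method actually decided a login. Host addresses, usernames, passwords and the shared-secret placeholder are constructed. One assumption is not stated on the page: a later method (local) is consulted only when no RADIUS host answered at all, so a reject from a reachable server is final.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Possible outcomes of one authentication attempt against one RADIUS host.
ACCEPT, REJECT, TIMEOUT = "accept", "reject", "timeout"
DEFAULT_AUTH_PORT = 1812  # default RADIUS authentication port, as stated on the page


@dataclass
class RadiusHost:
    """One 'radius-server host' entry. 'reachable' and 'users' are a constructed
    stand-in for the network exchange with a real server."""
    address: str
    auth_port: int = DEFAULT_AUTH_PORT
    key: str = "RADIUS-KEY-PLACEHOLDER"      # placeholder shared secret, not a real one
    reachable: bool = True
    users: Dict[str, str] = field(default_factory=dict)  # user -> password (constructed)

    def authenticate(self, user: str, password: str) -> str:
        if not self.reachable:
            return TIMEOUT                    # no answer: the caller moves to the next host
        return ACCEPT if self.users.get(user) == password else REJECT


@dataclass
class AaaConfig:
    """Authentication-related state of the switch (a model, not OS10 internals)."""
    radius_hosts: List[RadiusHost] = field(default_factory=list)  # configuration order
    local_users: Dict[str, str] = field(default_factory=dict)
    methods: List[str] = field(default_factory=lambda: ["local"])  # aaa authentication ...

    def render(self) -> List[str]:
        """CLI lines equivalent to this state, in the syntax shown on the page."""
        lines = [f"radius-server host {h.address} auth-port {h.auth_port} key {h.key}"
                 for h in self.radius_hosts]
        lines.append("aaa authentication " + " ".join(self.methods))
        return lines


def try_radius(cfg: AaaConfig, user: str, password: str, trace: List[str]) -> Optional[str]:
    """Contact hosts in configured order; the first accept or reject is final.
    Returns None only when no host answered at all."""
    for host in cfg.radius_hosts:
        outcome = host.authenticate(user, password)
        trace.append(f"radius {host.address}:{host.auth_port} -> {outcome}")
        if outcome in (ACCEPT, REJECT):
            return outcome
    return None


def try_local(cfg: AaaConfig, user: str, password: str, trace: List[str]) -> str:
    """Check the local username/password database."""
    outcome = ACCEPT if cfg.local_users.get(user) == password else REJECT
    trace.append(f"local -> {outcome}")
    return outcome


def authenticate(cfg: AaaConfig, user: str, password: str) -> Tuple[str, List[str]]:
    """Run the method list in order. Assumption (not stated on the page): a later
    method is consulted only when the earlier one produced no answer."""
    trace: List[str] = []
    for method in cfg.methods:
        if method == "radius":
            result = try_radius(cfg, user, password, trace)
        else:
            result = try_local(cfg, user, password, trace)
        if result is not None:
            return result, trace
    return REJECT, trace   # every method exhausted without a decision


def build_config(first_reachable: bool, second_reachable: bool) -> AaaConfig:
    """Constructed scenario: two RADIUS hosts entered in this order, then a local fallback."""
    cfg = AaaConfig(local_users={"admin": "local-pw"}, methods=["radius", "local"])
    cfg.radius_hosts.append(RadiusHost("10.0.0.1", reachable=first_reachable,
                                       users={"alice": "pw1"}))
    cfg.radius_hosts.append(RadiusHost("10.0.0.2", auth_port=1645, reachable=second_reachable,
                                       users={"alice": "pw1"}))
    return cfg


if __name__ == "__main__":
    print("\n".join(build_config(True, True).render()))
    for scenario in [(True, True), (False, True), (False, False)]:
        cfg = build_config(*scenario)
        for user, pw in [("alice", "pw1"), ("alice", "wrong"), ("admin", "local-pw")]:
            result, trace = authenticate(cfg, user, pw)
            print(f"hosts reachable={scenario} {user}: {result} via {trace}")
```

Running the scenarios shows the practical consequence of the ordering rule: with both RADIUS hosts up, the local admin account is rejected by the first host and never reaches the local database, so a local fallback account only helps when every configured RADIUS host is unreachable.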
System management
387