Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4148U-ON

451

452

453

454

455

456

457

458

459

460

The authentication methods in the method list are executed in the order in which they are congured. You can re-enter the methods to

change the order. The local authentication method must always be in the list. If a console user logs in with RADIUS authentication, the

privilege-level applies from the RADIUS server if you congured the privilege-level for that user in RADIUS.

NOTE: You must congure the group name (level) on the RADIUS server using the vendor-specic attribute or the

authentication fails.

• Congure the AAA authentication method in CONFIGURATION mode.

aaa authentication [local | radius]

• local — Use the username and password database dened in the local conguration.

• radius — (Optional) Use the RADIUS servers congured with the radius-server host command as the primary

authentication method.

Congure AAA authentication

OS10(config)# aaa authentication radius local

User re-authentication

To prevent users from accessing resources and performing tasks for which they are not authorized, OS10 allows you to require users to re-

authenticate by logging in again when an authentication method or server changes, such as:

• Adding or removing a RADIUS server (radius-server host command)

• Adding or removing an authentication method (aaa authentication [local | radius] command)

You can enable this feature so that user re-authentication is required when any of these actions are performed. In these cases, logged-in

users are logged out of the switch and all OS10 sessions are terminated. By default, user re-authentication is disabled.

Enable user re-authentication

• Enable user re-authentication in CONFIGURATION mode.

aaa re-authenticate enable

Enter the no form of the command to disable user re-authentication.

Password strength

By default, the password you congure with the username password command must be at least nine alphanumeric characters.

To increase password strength, you can create password rules using the password-attributes command. When you enter the

command, at least one parameter is required. When you enter the character-restriction parameter, at least one option is required.

• Create rules for stronger passwords in CONFIGURATION mode.

password-attributes {[min-length number] [character-restriction {[upper number]

[lower number][numeric number] [special-char number]}}

• min-length number — Enter the minimum number of required alphanumeric characters (6 to 32; default 9).

• character-restriction — Enter a requirement for the alphanumeric characters in a password:

• upper number — Minimum number of uppercase characters required (0 to 31; default 0).

• lower number — Minimum number of lowercase characters required (0 to 31; default 0).

• numeric number — Minimum number of numeric characters required (0 to 31; default 0).

• special-char number — Minimum number of special characters required (0 to 31; default 0).

System management

451