Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S5000

781

782

783

784

785

786

787

788

789

790

Security | 789

Figure 44-4. Failed Authentication

Monitoring TACACS+

To view information on TACACS+ transactions, use the following command in the EXEC Privilege mode:

TACACS+ Remote Authentication and Authorization

Dell Networking OS takes the access class from the TACACS+ server. Access class is the class of service

that restricts Telnet access and packet sizes. If you have configured remote authorization, then Dell

Networking OS ignores the access class you have configured for the VTY line. Dell Networking OS

instead gets this access class information from the TACACS+ server. Dell Networking OS needs to know

the username and password of the incoming user before it can fetch the access class from the server. A

user, therefore, will at least see the login prompt. If the access class denies the connection, Dell

Networking OS closes the Telnet session immediately.

Command Syntax Command Mode Purpose

debug tacacs+

EXEC Privilege View TACACS+ transactions to troubleshoot

problems.

Dell(conf)#

Dell(conf)#do show run aaa

aaa authentication enable default tacacs+ enable

aaa authentication enable LOCAL enable tacacs+

aaa authentication login default tacacs+ local

aaa authentication login LOCAL local tacacs+

aaa authorization exec default tacacs+ none

aaa authorization commands 1 default tacacs+ none

aaa authorization commands 15 default tacacs+ none

aaa accounting exec default start-stop tacacs+

aaa accounting commands 1 default start-stop tacacs+

aaa accounting commands 15 default start-stop tacacs+

Dell(conf)#

Dell(conf)#do show run tacacs+

tacacs-server key 7 d05206c308f4d35b

tacacs-server host 10.10.10.10 timeout 1

Dell(conf)#tacacs-server key angeline

Dell(conf)#%STKUNIT0-M:CP %SEC-5-LOGIN_SUCCESS: Login successful for user

admin on vty0 (10.11.9.209)

%STKUNIT0-M:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password

authentication success on vty0 ( 10.11.9.209 )

%STKUNIT0-M:CP %SEC-5-LOGOUT: Exec session is terminated for user admin on

line vty0 (10.11.9.209)

Dell(conf)#username angeline password angeline

Dell(conf)#%STKUNIT0-M:CP %SEC-5-LOGIN_SUCCESS: Login successful for user

angeline on vty0 (10.11.9.209)

%STKUNIT0-M:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password

authentication success on vty0 ( 10.11.9.209 )

Server key purposely changed to incorrect value

User authenticated using secondary method