Users Guide
If you do not set the default list, only the local enable is checked. This setting has the same effect as issuing
an aaa authentication enable default enable command.
Enabling AAA Authentication — RADIUS
To enable authentication from the RADIUS server, and use TACACS as a backup, use the following
commands.
1 Enable RADIUS and set up TACACS as backup.
CONFIGURATION mode
aaa authentication enable default radius tacacs
2 Establish a host address and password.
CONFIGURATION mode
radius-server host x.x.x.x key some-password
3 Establish a host address and password.
CONFIGURATION mode
tacacs-server host x.x.x.x key some-password
Examples of the enable commands for RADIUS
To get enable authentication from the RADIUS server and use TACACS as a backup, issue the following
commands.
The following example shows enabling authentication from the RADIUS server.
Dell(config)# aaa authentication enable default radius tacacs
Radius and TACACS server has to be properly setup for this.
Dell(config)# radius-server host x.x.x.x key <some-password>
Dell(config)# tacacs-server host x.x.x.x key <some-password>
To use local authentication for enable secret or enable sha256-password on the console, while using
remote authentication on VTY lines, issue the following commands.
The following example shows enabling local authentication for console and remote authentication for the
VTY lines.
Dell(config)# aaa authentication enable mymethodlist radius tacacs
Dell(config)# line vty 0 9
Dell(config-line-vty)# enable authentication mymethodlist
Server-Side Configuration
• TACACS+ — When using TACACS+, Dell Networking sends an initial packet with service type
SVC_ENABLE, and then sends a second packet with just the password. The TACACS server must have an
entry for username $enable$.
• RADIUS — When using RADIUS authentication, the Dell Networking OS sends an authentication packet
with the following:
Username: $enab15$
Password: <password-entered-by-user>
Security 929