D-Link 3312SR Reference Manual - Page 152

config authen_enable, of the RADIUS - default password

Get D-Link 3312SR - Switch PDF manuals and user guides
UPC - 790069263873
View all D-Link 3312SR manuals
Add to My Manuals
Save this manual to your list of manuals

Page 152 highlights

DGS-3312SR Layer 3 Gigabit Switch config authen_enable Description Parameters This command is used to promote users with normal level privileges to Administrator level privileges using authentication methods on the switch. Once a user acquires normal user level privileges on the switch, he or she must be authenticated by a method on the switch to gain administrator privileges on the switch, which is defined by the Administrator. A maximum of eight (8) enable method lists can be implemented on the switch. The sequence of methods implemented in this command will affect the authentication result. For example, if a user enters a sequence of methods like tacacs - xtacacs - local_enable, the switch will send an authentication request to the first tacacs host in the server group. If no verification is found, the switch will send an authentication request to the second tacacs host in the server group and so on, until the list is exhausted. At that point, the switch will restart the same sequence with the following protocol listed, xtacacs. If no authentication takes place using the xtacacs list, the local_enable password set in the switch is used to authenticate the user. Successful authentication using any of these methods will give the user a "Admin" privilege. default - The default method list for administration rights authentication, as defined by the user. The user may choose one or a combination of up to four (4) of the following authentication methods: tacacs - Adding this parameter will require the user to be authenticated using the TACACS protocol from the remote TACACS server hosts of the TACACS server group list. xtacacs - Adding this parameter will require the user to be authenticated using the XTACACS protocol from the remote XTACACS server hosts of the XTACACS server group list. tacacs+ - Adding this parameter will require the user to be authenticated using the TACACS+ protocol from the remote TACACS+ server hosts of the TACACS+ server group list. radius - Adding this parameter will require the user to be authenticated using the RADIUS protocol from the remote RADIUS server hosts of the RADIUS server group list. server_group - Adding this parameter will require the user to be authenticated using a user-defined server group previously configured on the switch. local_enable - Adding this parameter will require the user to be authenticated using the local user account database on the switch. none - Adding this parameter will require no authentication to access the switch. method_list_name - Enter a previously implemented method list name defined by the user (create authen_enable). The user may add one, or a combination of up to four (4) of the following authentication methods to this method list: tacacs - Adding this parameter will require the user to be authenticated using the TACACS protocol from a remote TACACS server. xtacacs - Adding this parameter will require the user to be authenticated using the XTACACS protocol from a remote 146

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
DGS-3312SR Layer 3 Gigabit Switch
146
config authen_enable
Description
This command is used to promote users with normal level privileges
to Administrator level privileges using authentication methods on the
switch. Once a user acquires normal user level privileges on the
switch, he or she must be authenticated by a method on the switch
to gain administrator privileges on the switch, which is defined by the
Administrator. A maximum of eight (8) enable method lists can be
implemented on the switch.
The sequence of methods implemented in this command will affect
the authentication result. For example, if a user enters a sequence of
methods like
tacacs – xtacacs – local_enable,
the switch will send
an authentication request to the first
tacacs
host in the server group.
If no verification is found, the switch will send an authentication
request to the second
tacacs
host in the server group and so on,
until the list is exhausted. At that point, the switch will restart the
same sequence with the following protocol listed,
xtacacs
. If no
authentication takes place using the
xtacacs
list, the
local_enable
password set in the switch is used to authenticate the user.
Successful authentication using any of these methods will give the
user a “Admin” privilege.
Parameters
default
– The default method list for administration rights
authentication, as defined by the user. The user may choose one or
a combination of up to four (4) of the following authentication
methods:
±
tacacs
– Adding this parameter will require the user to be
authenticated using the TACACS protocol from the remote
TACACS
server hosts
of the TACACS
server group
list.
±
xtacacs
– Adding this parameter will require the user to be
authenticated using the XTACACS protocol from the remote
XTACACS
server hosts
of the XTACACS
server group
list.
±
tacacs+
– Adding this parameter will require the user to be
authenticated using the TACACS+ protocol from the remote
TACACS+
server hosts
of the TACACS+
server group
list.
±
radius
– Adding this parameter will require the user to be
authenticated using the RADIUS protocol from the remote
RADIUS
server hosts
of the RADIUS
server group
list.
±
server_group <string 15>
- Adding this parameter will
require the user to be authenticated using a user-defined
server group previously configured on the switch.
±
local_enable
- Adding this parameter will require the user to
be authenticated using the local
user account
database on
the switch.
±
none
– Adding this parameter will require no authentication
to access the switch.
method_list_name
– Enter a previously implemented method list
name defined by the user (
create authen_enable
). The user may
add one, or a combination of up to four (4) of the following
authentication methods to this method list:
±
tacacs
– Adding this parameter will require the user to be
authenticated using the TACACS protocol from a remote
TACACS server.
±
xtacacs
– Adding this parameter will require the user to be
authenticated using the XTACACS protocol from a remote