Dell PowerSwitch S4112F-ON OS10 Enterprise Edition User Guide Release 10.4.0ER - Page 457
Security, User re-authentication
Parameters
• management - Configures the management VRF to be used to reach the Telnet server.

Default
The Telnet server is reachable on the default VRF.

Command Mode
CONFIGURATION

Usage Information
By default, the Telnet server is disabled. To enable the Telnet server, enter the telnet enable command. To configure the Telnet server to be reachable on the management VRF instance, use the ip telnet server vrf management command.

Example
OS10(config)# ip telnet server vrf management

Supported Releases
10.4.0E(R1) or later

Security

Accounting, authentication, and authorization (AAA) services secure networks against unauthorized access. In addition to local authentication, OS10 supports remote authentication dial-in service (RADIUS) and terminal access controller access control system (TACACS+) client/server authentication systems.

For RADIUS and TACACS+, an OS10 switch acts as a client and sends authentication requests to a server that contains all user authentication and network service access information. A RADIUS or TACACS+ server provides accounting, authentication (user credentials verification), and authorization (user privilege-level) services.

You can configure the security protocol used for different login methods and users. The server uses a list of authentication methods to define the types of authentication and the sequence in which they apply. By default, only the local authentication method is used.

The authentication methods in the method list are executed in the order in which they are configured. You can re-enter the methods to change the order. The local authentication method must always be in the list.

If a console user logs in with RADIUS or TACACS+ authentication, the privilege-level you configured for the user on the RADIUS or TACACS+ server is applied.

NOTE: You must configure the group name (level) on the RADIUS server using the vendor-specific attribute or the authentication fails.
• Configure the AAA authentication method in CONFIGURATION mode.

aaa authentication {local | radius | tacacs}

- local - Use the username and password database defined in the local configuration.
- radius - (Optional) Use the RADIUS servers configured with the radius-server host command as the primary authentication method.
- tacacs - (Optional) Use the TACACS+ servers configured with the tacacs-server host command as the primary authentication method.

Configure AAA authentication

OS10(config)# aaa authentication radius local

User re-authentication

To prevent users from accessing resources and performing tasks for which they are not authorized, OS10 allows you to require users to reauthenticate by logging in again when an authentication method or server changes, such as:

• Adding or removing a RADIUS server (radius-server host command)
• Adding or removing an authentication method (aaa authentication {local | radius} command)
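The method-list rules in the Security section above can be checked against a saved configuration before it is applied. The script below is an added example, not code from the Dell guide. It assumes the configuration is available as plain text with one command per line in the form the guide shows, and the function name, sample text and server address are constructed for illustration.

```python
import re

# Method keywords accepted by "aaa authentication", as listed in the guide.
VALID_METHODS = {"local", "radius", "tacacs"}
# Server-definition command each remote method depends on (names from the guide).
SERVER_CMD = {"radius": "radius-server host", "tacacs": "tacacs-server host"}

# Constructed sample: the address is a documentation placeholder and any
# further arguments to "radius-server host" are left out on purpose.
SAMPLE_CONFIG = """\
radius-server host 192.0.2.10
aaa authentication radius tacacs
"""


def audit_aaa(config_text):
    """Return a list of findings for the aaa authentication method list."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    aaa = [ln for ln in lines if re.match(r"aaa authentication(\s|$)", ln)]
    if not aaa:
        return []  # no method list configured: the default (local only) applies
    # Assumption: if the command appears more than once, the last entry is
    # the effective order (the guide says re-entering it changes the order).
    methods = aaa[-1].split()[2:]
    findings = []
    for method in methods:
        if method not in VALID_METHODS:
            findings.append(f"unknown method '{method}'")
    # The guide requires the local method to always be in the list.
    if "local" not in methods:
        findings.append("local method missing from list")
    # A remote method without a matching server definition cannot be reached.
    for method, cmd in SERVER_CMD.items():
        if method in methods and not any(ln.startswith(cmd + " ") for ln in lines):
            findings.append(f"{method} listed but no '{cmd}' configured")
    return findings


if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE_CONFIG):
        print("FINDING:", finding)
```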