RADIUS Client Commands: Dell PowerConnect Switch User's Guide

Authentication Commands:
Dell PowerConnect Switch User's Guide

  • authentication login
  • radius-server host
  • radius-server port
  • radius-server key
  • radius-server retransmit
  • radius-server timeout
  • tacacs-server host
  • tacacs-server port
  • tacacs-server key
  • show radius-server
  • show tacacs-server

You can configure the switch to authenticate users logging into the system for management access using local or authentication-server methods.
Remote Authentication Dial-in User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) are logon authentication protocols that use software running on a central server to control access to RADIUS-aware or TACACS+-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that require management access to a switch.


authentication login

Use this command to define the login authentication method and precedence. Use the no form to restore the default.

Syntax

authentication login {[local] [radius] [tacacs]}
no authentication login

  • local - Use local authentication.
  • radius - Use RADIUS server authentication.
  • tacacs - Use TACACS+ server authentication.

Default Setting

Local only

Command Mode

Global Configuration

Command Usage

  • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server.
  • RADIUS and TACACS+ logon authentication can control management access via the console port, a Web browser, or Telnet. These access options must be configured on the authentication server.
  • RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server.
  • You can specify three authentication methods in a single command to indicate the authentication sequence. For example, if you enter “authentication login radius tacacs local”, the user name and password are verified on the RADIUS server first. If the RADIUS server is not available, authentication is attempted on the TACACS+ server. If the TACACS+ server is not available, the local user name and password are checked.
  • If you are using only a RADIUS server for authentication, you need to configure a special user name on the server for the CLI enable command that allows access to the Privileged Exec level from the Normal Exec level. The user name to configure on the RADIUS server for this command is "$Enable."

Example

Console(config)#authentication login radius local
Console(config)#

Related Commands

username for setting the local password


radius-server host

Use this command to specify the RADIUS server. Use the no form to restore the default.

Syntax

radius-server host host_ip_address
no radius-server host

host_ip_address - IP address of a RADIUS server.

Default Setting

10.1.0.1

Command Mode

Global Configuration

Example

Console(config)#radius-server host 192.168.1.25
Console(config)#


radius-server port

Use this command to set the RADIUS server network port. Use the no form to restore the default.

Syntax

radius-server port port_number
no radius-server port

port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535)

Default Setting

1812

Command Mode

Global Configuration

Example

Console(config)#radius-server port 181
Console(config)#


radius-server key

Use this command to set the RADIUS encryption key. Use the no form to restore the default.

Syntax

radius-server key key_string
no radius-server key

key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string.
(Maximum length: 20 characters)

Default Setting

None

Command Mode

Global Configuration

Example

Console(config)#radius-server key solvent
Console(config)#


radius-server retransmit

Use this command to set the number of retries. Use the no form to restore the default.

Syntax

radius-server retransmit number_of_retries
no radius-server retransmit

number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1-30)

Default Setting

2

Command Mode

Global Configuration

Example

Console(config)#radius-server retransmit 5
Console(config)#


radius-server timeout

Use this command to set the interval between transmitting authentication requests to the RADIUS server. Use the no form to restore the default.

Syntax

radius-server timeout number_of_seconds
no radius-server timeout

number_of_seconds - Number of seconds the switch waits for a reply before resending a request. (Range: 1-65535)

Default Setting

5 seconds

Command Mode

Global Configuration

Example

Console(config)#radius-server timeout 10
Console(config)#


show radius-server

Use this command to display current settings for the RADIUS server. The output includes the communication key in plain text, as the example below shows.

Default Setting

None

Command Mode

Privileged Exec

Example

Console#show radius-server
Server IP address: 10.1.0.99
 Communication key with radius server: solvent
 Server port number: 1812
 Retransmit times: 2
 Request timeout: 5

Console#


tacacs-server host

Use this command to specify the TACACS+ server. Use the no form to restore the default.

Syntax

tacacs-server host host_ip_address
no tacacs-server host

host_ip_address - IP address of a TACACS+ server.

Default Setting

10.11.12.13

Command Mode

Global Configuration

Example

Console(config)#tacacs-server host 192.168.1.25
Console(config)#


tacacs-server port

Use this command to set the TACACS+ server network port. Use the no form to restore the default.

Syntax

tacacs-server port port_number
no tacacs-server port

port_number - TACACS+ server TCP port used for authentication messages. (Range: 1-65535)

Default Setting

49

Command Mode

Global Configuration

Example

Console(config)#tacacs-server port 181
Console(config)#


tacacs-server key

Use this command to set the TACACS+ encryption key. Use the no form to restore the default.

Syntax

tacacs-server key key_string
no tacacs-server key

key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string.
(Maximum length: 20 characters)

Default Setting

None

Command Mode

Global Configuration

Example

Console(config)#tacacs-server key green
Console(config)#


show tacacs-server

Use this command to display current settings for the TACACS+ server. The output includes the communication key in plain text, as the example below shows.

Default Setting

None

Command Mode

Privileged Exec

Example

Console#show tacacs-server
Remote TACACS server configuration:
Server IP address: 10.11.12.13
Communication key with radius server: green
Server port number: 49
Console#


© 2009 Dell