Manuals

Manuals
AAA Commands: Dell PowerConnect 3324/3348 Switch CLI Guide

Back to Contents Page

AAA Commands

Dell™ PowerConnect™ 3324/3348 Switch CLI Guide

  aaa authentication login

  aaa authentication enable

  login authentication

  enable authentication

  ip http authentication

  ip https authentication

  show authentication methods

  password

  enable password

  username

  show users accounts

aaa authentication login

Use the aaa authentication login global configuration command to define login authentication. To return to the default configuration, use the no form of this command.

Syntax

aaa authentication login {default | list-name} method1 [method2...]

no aaa authentication login {default | list-name}

    • default—Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in.

    • list-name—Character string used to name the list of authentication methods activated when a user logs in.

    • method1 [method2...]—Select at least one method from the following table:

Keyword

Source or destination

enable

Uses the enable password for authentication.

line

Uses the line password for authentication.

local

Uses the local user name database for authentication.

none

Uses no authentication. Access can be provided without authorization if defined as a specific authentication method.

radius

Uses the list of all RADIUS servers for authentication.

Default Configuration

The local user database is checked. This has the same effect as the aaa authentication login local command.

NOTE: On the console, login succeeds without any authentication check if the authentication method is not defined.

Command Mode

Global Configuration Mode

User Guidelines

The default and optional list names created with the aaa authentication login command are used with the login authentication command.

Use the aaa authentication login list-name method command to creat a list for a particular protocol, where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries, in the given sequence.

The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.

The following is an example of the CLI commands.

Console (config)# aaa authentication login default radius local enable none

aaa authentication enable

Use the aaa authentication enable default global configuration command to define authentication method lists for accessing higher privilege levels. To return to the default configuration, use the no form of this command.

Syntax

aaa authentication enable {default | list-name} method1 [method2...]

no aaa authentication enable default

    • default—Uses the listed authentication methods that follow this argument as the default list of methods, when using higher privilege levels.

    • list-name—Character string used to name the list of authentication methods activated, when using access higher privilege levels.

    • method1 [method2...]—Select at least one method from the following table:

Keyword

Source or destination

enable

Uses the enable password for authentication.

line

Uses the line password for authentication.

none

Uses no authentication. Access can be provided without authorization if defined as a specific authentication method.

radius

Uses the list of all RADIUS servers for authentication. Uses user name $enabx$. where x is the privilege level.

Default Configuration

If the default list is not set, only the enable password is checked. This has the same effect as the aaa authentication enable default enable command.

On the console, the enable password is used if it exists. If no password is set, the process still succeeds. This has the same effect as using the aaa authentication enable default enable none command.

Command Mode

Global Configuration Mode

User Guidelines

The default and optional list names created with the aaa authentication enable command are used with the enable authentication command.

Use the aaa authentication enable list-name method command to create a list, where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries, in the given sequence.

The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.

All aaa authentication enable default requests sent by the device to a RADIUS server include the username $enabx$., where x is the requested privilege level.

Example

The following example sets authentication when accessing higher privilege levels.

Console (config)# aaa authentication enable default

login authentication

Use the login authentication line configuration command to specify the login authentication method list for a remote Telnet or console. To return to the default specified by the authentication login command, use the no form of this command.

Syntax

login authentication {default | list-name}

no login authentication

    • default—Uses the default list created with the authentication login command.

    • list-name—Uses the indicated list created with the authentication login command.

Default Configuration

Uses the default set with the command authentication login.

Command Mode

Line Configuration Mode

User Guidelines

There are no user guidelines for this command.

Example

The following example specifies the default authenticationmethod for a remote Telnet or console.

Console (config-line)# login authentication default

enable authentication

Use the enable authentication line configuration command to specify the authentication method list when accessing a higher privilege level from a remote Telnet or console. To return to the default specified by the enable authentication command, use the no form of this command.

Syntax

enable authentication {default | list-name}

no enable authentication

    • default—Uses the default list created with the authentication enable command.

    • list-name—Uses the indicated list created with the authentication enable command.

Default Configuration

Uses the default set with the authentication enable command.

Command Mode

Line Configuration Mode

User Guidelines

There are no user guidelines for this command.

Example

The following example specifies the default authentication method when accessing a higher privilege level from a remote Telnet or console.

Console (config-line)# enable authentication default

ip http authentication

Use the ip http authentication global configuration mode command to specify authentication methods for http. To return to the default, use the no form of this command.

Syntax

ip http authentication method1 [method2...]

no ip http authentication

    • method1 [method2...]—Select at least one method from the following table:

Keyword

Source or destination

local

Uses the local user name database for authentication.

none

Uses no authentication. Access can be provided without authorization if defined as a specific authentication method.

radius

Uses the list of all RADIUS servers for authentication.

Default Configuration

The local user database is checked. This has the same effect as the ip http authentication local command.

Command Mode

Global Configuration Mode

User Guidelines

The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method from the command line.

Example

The following example configures the http authentication as either RADIUS or local in that order.

Console (config)# ip http authentication radius local

ip https authentication

Use the ip https authentication global configuration command to specify authentication methods for https. To return to the default, use the no form of this command.

Syntax

ip https authentication method1 [method2...]

no ip https authentication

    • method1 [method2...]—Select at least one method from the following table:

Keyword

Source or destination

local

Uses the local user name database for authentication.

none

Uses no authentication. Access can be provided without authorization if defined as a specific authentication method.

radius

Uses the list of all RADIUS servers for authentication.

Default Configuration

The local user database is checked. This has the same effect as the ip https authentication local command.

Command Mode

Global Configuration Mode

User Guidelines

The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.

Example

The following is an example of the CLI command.

Console (config)# ip https authentication radius local

show authentication methods

Use the authentication methods privilege EXEC command to display information about the authentication methods.

Syntax

show authentication methods

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC Mode

User Guidelines

There are no user guidelines for this command.

Example

The following example displays the authentication configuration.

Console# show authentication methods

Login Authentication Method Lists

---------------------------------

Default: Radius, Local, Line

Console_Login: Line, None

Enable Authentication Method Lists

----------------------------------

Default: Radius, Enable

Console_Enable: Enable, None

Line Login Method List Enable Method List

------- ----------------- -------------------

Console Console_Login Console_Enable

Telnet Default Default

SSH Default Default

HTTP: Radius, local

HTTPS: Radius, local

password

Use the password line configuration command to specify a password on a command line. To remove the password, use the no form of this command.

Syntax

password password [encrypted]

no password

    • password—Password for this level, from 1 to 159 characters in length.

    • encrypted—Encrypted password to be entered, copied from another device configuration.

Default Configuration

This command has no default configuration.

Command Mode

Line Configuration Mode

User Guidelines

There are no user guidelines for this command.

Example

The following example specifies a password.

Console (config-line)# password dell

enable password

Use the enable password global configuration command to set a local password to control access to user and privilege levels. To remove the password requirement, use the no form of this command.

Syntax

enable password [level level ] password [encrypted]

no enable password [ level level ]

    • password—Password for this level, from 1 to 159 characters in length.

    • level level—Level for which the password applies. If not specified, the level is 15 (Range: 1-15).

    • encrypted—Encrypted password entered, copied from another device configuration.

Default Configuration

This command has no default configuration.

Command Mode

Global Configuration Mode

User Guidelines

There are no user guidelines for this command.

Example

The following example sets a local level for a password to control access to user and privilege levels.

Console (config)# enable password level 15 dell

username

Use the username global configuration command to establish a user name-based authentication system. To remove a user name, use the no form of this command.

Syntax

username name [password password] [privilege level] [encrypted]

no username

    • name—The user name.

    • password—The user authentication password (Range: 1-159).

    • privilege level—Specifies the user level (Range: 1-15).

    • encrypted—Encrypted password entered, copied from another device configuration.

Default Configuration

The default privilege level is 1.

Command Mode

Global Configuration Mode

User Guidelines

When creating a user name, the default priority is 1, which does not allow access to the device. A priority of 15 must be specifically set to enable access to the device.

Example

The following example configures a user with the encrypted password and user level for the system.

Console (config)# username bob password lee 15 encrypted

show users accounts

The show users accounts privileged EXEC command displays information about the local user database.

Syntax

show users accounts

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC Mode

User Guidelines

There are no user guidelines for this command.

Example

The following example displays the local users configured with access to the system.

Console# show users accounts

Username Privilege

--------- ---------

Bob 15

Robert 15

Back to Contents Page

 

Shop
Solutions
Services
Systems
Software & Peripherals
Support
Drivers and Downloads
Product Support
Support by Topic
Warranty Information
Order Support
Community
Join the Discussion
Share Your Ideas
Read our Blog
Ratings & Reviews
Community Home
About Dell
Investor Relations
News
Company Information
Corporate Responsibility
All About Dell
My Account
Sign-in / Register
Order Status

Laptops | Desktops | Business Laptops | Business Desktops | Workstations | Servers | Storage | Monitors | Printers | LCD TVs | Electronics
© 2009 Dell | About Dell | Terms of Sale | Unresolved Issues | Privacy | About Our Ads | Dell Recycling | Contact | Site Map | Feedback
AT | AU | BE | BR | CA | CH | CL | CN | CO | DE | DK | ES | FR | HK | IE | IN | IT | JP | KR | ME | MX | MY | NL | NO | PA | PR | RU | SE | SG | UK | VE | ALL

Regular-sized Text
snWEB6