DELL S50V User Manual
Security | 933
Figure 45-4. Failed Authentication
Monitor TACACS+
To view information on TACACS+ transactions, use the following command in the EXEC Privilege mode:
TACACS+ Remote Authentication and Authorization
FTOS takes the access class from the TACACS+ server. Access class is the class of service that restricts
Telnet access and packet sizes.
If you have configured remote authorization, then FTOS ignores the access
class you have configured for the VTY line. FTOS instead gets this access class information
from the
TACACS+ server. FTOS needs to know the username and password of the incoming user before it can
fetch the access class from the server. A user, therefore, will at least see the login prompt. If the access
class denies the connection, FTOS closes the Telnet session immediately.
fetch the access class from the server. A user, therefore, will at least see the login prompt. If the access
class denies the connection, FTOS closes the Telnet session immediately.
Command Syntax
Command Mode
Purpose
debug tacacs+
EXEC Privilege
View TACACS+ transactions to troubleshoot
problems.
problems.
FTOS(conf)#
FTOS(conf)#do show run aaa
!
aaa authentication enable default tacacs+ enable
aaa authentication enable LOCAL enable tacacs+
aaa authentication login default tacacs+ local
aaa authentication login LOCAL local tacacs+
aaa authorization exec default tacacs+ none
aaa authorization commands 1 default tacacs+ none
aaa authorization commands 15 default tacacs+ none
aaa accounting exec default start-stop tacacs+
aaa accounting commands 1 default start-stop tacacs+
aaa accounting commands 15 default start-stop tacacs+
FTOS(conf)#
FTOS(conf)#do show run tacacs+
!
tacacs-server key 7 d05206c308f4d35b
tacacs-server host 10.10.10.10 timeout 1
FTOS(conf)#tacacs-server key angeline
FTOS(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user admin on vty0
(10.11.9.209)
%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication
success on vty0 ( 10.11.9.209 )
%RPM0-P:CP %SEC-5-LOGOUT: Exec session is terminated for user admin on line vty0
(10.11.9.209)
FTOS(conf)#username angeline password angeline
FTOS(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user angeline on
vty0 (10.11.9.209)
%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication
success on vty0 ( 10.11.9.209 )
Server key purposely changed to incorrect value
User authenticated using secondary method