DELL S50V User Manual
948
|
Security
www.dell.com | support.dell.com
VTY Line and Access-Class Configuration
Various methods are available to restrict VTY access in FTOS. These depend on which authentication
scheme you use — line, local, or remote:
scheme you use — line, local, or remote:
FTOS provides several ways to configure access classes for VTY lines, including:
•
•
VTY Line Local Authentication and Authorization
FTOS retrieves the access class from the local database. To use this feature:
1. Create a username
2. Enter a password
3. Assign an access class
4. Enter a privilege level
Line authentication can be assigned on a per-VTY basis; it is a simple password authentication, using an
access-class as authorization.
access-class as authorization.
Local authentication is configured globally. You configure access classes on a per-user basis.
FTOS can assign different access classes to different users by username. Until users attempt to log in,
FTOS does not know if they will be assigned a VTY line. This means that incoming users always see a
login prompt even if you have excluded them from the VTY line with a
FTOS does not know if they will be assigned a VTY line. This means that incoming users always see a
login prompt even if you have excluded them from the VTY line with a
deny-all
access class. Once users
identify themselves, FTOS retrieves the access class from the local database and applies it. (FTOS also
subsequently can close the connection if a user is denied access).
subsequently can close the connection if a user is denied access).
if they cannot login. No access class is configured for the VTY line. It defaults from the local database.
Table 45-1. VTY Access
Authentication Method
VTY access-class
support?
support?
Username
access-class
support?
access-class
support?
Remote authorization support?
Line
YES
NO
NO
Local
NO
YES
NO
TACACS+
YES
NO
YES (with FTOS 5.2.1.0 and later)
RADIUS
YES
NO
YES (with FTOS 6.1.1.0 and later)