DELL N3000 User Manual
Configuring Authentication, Authorization, and Accounting
211
Authentication
Authentication is the process of validating a user's identity. During the
authentication process, only identity validation is done. There is no
determination made of which switch services the user is allowed to access.
This is true even when RADIUS is used for authentication; RADIUS cannot
perform separate transactions for authentication and authorization. However,
the RADIUS server can provide attributes during the authentication process
that are used in the authorization process.
Authentication Types
There are three types of authentication:
• Login— Login authentication grants access to the switch if the user
credentials are validated. Access is granted only at privilege level one.
•
Enable—Enable authentication grants access to a higher privilege level if
the user credentials are validated for the higher privilege level. When
RADIUS is used for enable authentication, the username for this request is
always $enab15$. The username used to log into the switch is not used for
RADIUS enable authentication.
•
Dot1x—Dot1x authentication is used to grant an 802.1X supplicant access
to the network. For more information about 802.1X, see "Configuring Port
Table 10-2 shows the valid methods for each type of authentication:
Table 10-2. Valid Methods for Authentication Types
Method
Login
Enable
Dot1x
enable
yes
yes
no
ias
no
no
yes
line
yes
yes
no
local
yes
no
no
none
yes
yes
yes
radius
yes
yes
yes
tacacs
yes
yes
no