DELL 8132 ユーザーズマニュアル
AAA Commands
237
4
AAA Commands
Management access to the switch is via telnet, HTTP, SSH, or the serial
console (SNMP access is discussed in
). To ensure that only
authorized users can access and change the configuration of the switch, users
must be authenticated.
Users can be authenticated based on:
Users can be authenticated based on:
• Login mode
• Switch access method
• Access to Privileged EXEC mode
• Two levels of access:
• Switch access method
• Access to Privileged EXEC mode
• Two levels of access:
–
1 = Read-only
–
15 = Write-only
The supported authentication methods for management access are:
• Local: The user's locally stored ID and password are used for
authentication.
• RADIUS: The user's ID and password are authenticated using the
RADIUS server.
• TACACS+: The user's ID and password are authenticated using the
TACACS+ server.
• None: No authentication is used.
• Enable: Uses the enable password for authentication.
• Line: Uses the line password for authentication.
• Authentication Preference Lists (APLs): An Authentication Preference List
• Enable: Uses the enable password for authentication.
• Line: Uses the line password for authentication.
• Authentication Preference Lists (APLs): An Authentication Preference List
is an ordered list of authentication methods.
To authenticate a user, the authentication methods in the APL for the access
line are attempted in order until an authentication attempt returns a success
or failure return code. If a method times out, the next method in the list is
attempted. The component requesting authentication is unaware of the
ultimate authentication source. If a method in the preference list does not
2CSPC4.X8100-SWUM102.book Page 237 Friday, March 15, 2013 8:56 AM