DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet User Manual
Please note that when the user logs in to the device successfully through TACACS/XTACACS/server or
none method, the “user” privilege level is the only level assigned. If the user wants to get the administration privilege
level, the user must use the “enable admin” command to promote his privilege level. However, when the user logs in to
the device successfully through the RADIUS server or through the local method, three kinds of privilege levels can be
assigned to the user and the user cannot use the “enable admin” command to promote to the admin privilege level.
NOTE: TACACS, XTACACS and are separate entities and are not compatible. The Switch
and the server must be configured exactly the same, using the same protocol. (For example, if the
Switch is set up for TACACS authentication, so must be the host server.)
Enable Admin
When the user logs in to the device successfully through TACACS/XTACACS/server or none method, only the
“user” privilege level is assigned. If the user wants to get the admin privilege level, the user must use the
Enable Admin window to promote his privilege level. But when the user logs in to the device successfully through the RADIUS
server or local method, three kinds of privilege levels can be assigned to the user and the user cannot use the
Enable Admin window to promote to the admin privilege level.
To view this window, click Security > Access Authentication Control > Enable Admin, as shown below:
Figure 8-45 Enable Admin window
Authentication Policy Settings
This command will enable an administrator-defined authentication policy for users trying to access the Switch. When
enabled, the device will check the Login Method List and choose a technique for user authentication upon login.
To view this window, click Security > Access Authentication Control > Authentication Policy Settings, as shown below:
Figure 8-46 Authentication Policy Settings window
The following parameters can be set:
Parameters: Description
Authentication Policy: Use the pull-down menu to enable or disable the Authentication Policy on the Switch.
Response Timeout (0-255): This field sets the time the Switch will wait for an authentication response from the user. The user may set a time between 0 and 255 seconds. The default setting is 30 seconds.
User Attempts (1-255): This field configures the maximum number of authentication attempts the Switch will accept. Users who fail to authenticate after the set number of attempts will be denied access to the Switch and will be locked out of further authentication attempts. Command line interface users will have to wait 60 seconds before another authentication attempt. Telnet and web users will be disconnected from the Switch. The user may set the number of attempts from 1 to 255. The default setting is 3.
Click Apply to implement changes made.