xStack Gigabit Layer 3 Switch Command Line Interface Manual
Example usage:
To create a user-defined method list, named “Permit” for promoting user privileges to Administrator privileges:
Command: show authen_login method_list_name Permit
DGS-3324SRi:4#create authen_enable method_list_name Permit
Success.
DGS-3324SRi:4#
config authen_enable
Used to configure a user-defined method list of authentication
methods for promoting normal user level privileges to Administrator
level privileges on the Switch.
config authen_enable [default | method_list_name <string 15>]
method {tacacs | xtacacs | | radius | server_group
<string 15> | local_enable | none}
This command is used to promote users with normal level privileges
to Administrator level privileges using authentication methods on the
Switch. Once a user acquires normal user level privileges on the
Switch, he or she must be authenticated by a method on the Switch
to gain administrator privileges on the Switch, which is defined by
the Administrator. A maximum of eight (8) method lists can be
implemented on the Switch.
The sequence of methods implemented in this command will affect
the authentication result. For example, if a user enters a sequence of
methods like
tacacs – xtacacs – local_enable,
the Switch will send
an authentication request to the first
tacacs
host in the server group.
If no verification is found, the Switch will send an authentication
request to the second
tacacs
host in the server group and so on,
until the list is exhausted. At that point, the Switch will restart the
same sequence with the following protocol listed,
xtacacs
. If no
authentication takes place using the
xtacacs
list, the
local_enable
password set in the Switch is used to authenticate the user.
Purpose
Syntax
Description
Successful authentication using any of these methods will give the
user a “Admin” privilege.
Parameters
default
– The default method list for administration rights
authentication, as defined by the user. The user may choose one or
a combination of up to four (4) of the following authentication
methods:
tacacs
– Adding this parameter will require the user to be
authenticated using the TACACS protocol from the remote
TACACS
server hosts
of the TACACS
server group
list.
xtacacs
– Adding this parameter will require the user to be
authenticated using the XTACACS protocol from the remote
XTACACS
server hosts
of the XTACACS
server group
list.
– Adding this parameter will require the user to be
authenticated using the protocol from the remote
server hosts
of the
server group
list.
radius
- Adding this parameter will require the user to be
168