xStack

®

DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

62

DGS-3627:admin# create authen_enable method_list_name enable_list_1

Command: create authen_enable method_list_name enable_list_1

Success.

DGS-3627:admin#

config authen_enable

Purpose

This command is used to configure a user-defined or default method list of authentication

methods for promoting a user's privilege to Admin level.

Syntax

config authen_enable [default | method_list_name <string 15>] method {tacacs |

xtacacs | tacacs+ | radius | server_group <string 15> | local _enable | none}(1)

Description

Configures a user-defined or default method list of authentication methods for promoting a

user's privilege to Admin level. The sequence of methods will affect the authentication result.

For example, if the sequence is tacacs+ first, followed by tacacs and local_enable, when a

user tries to login, the authentication request will be sent to the first server host in the tacacs+

built-in server group. If the first server host in the tacacs+ group is missing, the authentication

request will be sent to the second server host in the tacacs+ group, and so on. If all server

hosts in the tacacs+ group are missing, the authentication request will be sent to the first

server host in the tacacs group. If all server hosts in the tacacs group are missing, the local

enable password in the device will be used to authenticate the user’s password. The local

enable password in the device can be configured using the “config admin local_password”

CLI command.

Parameters

default

- Specify the default method list of authentication methods.

method_list_name

- Specify the user-defined method list of authentication methods.

tacacs

- Specify authentication by the built-in server group “tacacs”.

xtacacs

- Specify authentication by the built-in server group “xtacacs”.

tacacs+

- Specify authentication by the built-in server group “tacacs+”.

radius

- Specify authentication by the built-in server group “radius”.

server_group

- Specify authentication by the user-defined server group.

local_enable

- Specify authentication by the local enable password in the device.

none

- Specify no authentication.

Restrictions

Only Administrator level users can issue this command.

Example usage:

To configure a user-defined method list called “method_list_name” that will be used to promote a user's privilege to

Admin level:

DGS-3627:admin# config authen_enable method_list_name enable_list_1 method tacacs+ tac

acs local_enable

Command: config authen_ enable method_list_name enable_list_1 method tacacs+ tacac

s local_enable

Success.

DGS-3627:admin#

delete authen_enable method_list_name

Purpose

This command is used to delete a user-defined method list of authentication methods for

promoting a user's privilege to Admin level.

Syntax

delete authen_enable method_list_name <string 15>

xStack

®

DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

63

delete authen_enable method_list_name

Description

Deletes a user-defined method list of authentication methods for promoting a user's privilege

to Admin level.

Parameters

<string 15>

- The user-defined method list name

Restrictions

Only Administrator level users can issue this command.

Example usage:

To delete the user-defined method list called “enable_list_1”, that is used to promote a user's privilege to Admin level:

DGS-3627:admin# delete authen_enable method_list_name enable_list_1

Command: delete authen_enable method_list_name enable_list_1

Success.

DGS-3627:admin#

show authen_enable

Purpose

This command is used to display the method list of authentication methods for promoting a

user's privilege to Admin level.

Syntax

show authen_enable [default | method_list_name <string 15> | all]

Description

Displays the method list of authentication methods used for promoting a user's privilege to

Admin level.

Parameters

default

- Display the default user-defined method list for promoting a user's privilege to Admin

level.

method_list_name

- Display the specific user-defined method list for promoting a user's

privilege to Admin level.

all

- Display all the method lists for promoting a user's privilege to Admin level.

Restrictions

Only Administrator level users can issue this command.

Example usage:

To display all the method lists that are used for promoting a user's privilege to Admin level:

DGS-3627:admin# show authen_enable all

Command: show authen_enable all

Method List Name

Priority

Method Name

Comment

----------------

--------

---------------

------------------

enable_list_1

1

tacacs+

Built-in Group

2

tacacs

Built-in Group

3

mix_1

User-defined Group

4

local

Keyword

enable_list_2

1

tacacs+

Built-in Group

2

radius

Built-in Group

Total Entries : 2

DGS-3627:admin#

xStack

®

DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

64

config authen application

Purpose

This command is used to configure login or enable method lists for all or the specified

applications.

Syntax

config authen application [console | telnet | ssh | http | all] [login | enable] [default |

method_list_name <string 15>]

Description

Configures login or enable method lists for all or the specified applications.

Parameters

console

- Application: Console.

telnet

- Application: Telnet.

ssh

- Application: SSH.

http

- Application: Web.

all

- Application: Console, Telnet, SSH, and Web.

login

- Specify the method list of authentication methods for user’s attempting to log in.

enable

- Specify the method list of authentication methods for promoting a user's privilege to

Admin level.

default

- Specify the default method list.

method_list_name

- Specify the user-defined method list name.

Restrictions

Only Administrator level users can issue this command.

Example usage:

To configure a login method list for Telnet called “login_list_1”:

DGS-3627:admin# config authen application telnet login method_list_name login_list_1

Command: config authen application telnet login method_list_name login_list_1

Success.

DGS-3627:admin#

show authen application

Purpose

This command is used to display the login/enable method list for all applications.

Syntax

show authen application

Description

Displays the login/enable method list for all applications.

Parameters

None.

Restrictions

Only Administrator level users can issue this command.

Example usage:

To display the login/enable method lists for all applications:

DGS-3627:admin# show authen application

Command: show authen application

Application

Login Method List

Enable Method List

-----------

-----------------

------------------

Console

default

default

Telnet

login_list_1

default

HTTP

default

default

DGS-3627:admin#

xStack

®

DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

65

create authen server_group

Purpose

This command is used to create a user-defined authentication server group.

Syntax

create authen server_group <string 15>

Description

Creates a user-defined authentication server group. The maximum number of supported

server groups, including the built-in server groups, is 8. Each group can have a maximum of

8 server hosts..

Parameters

<string 15>

- Specify the user-defined server group name.

Restrictions

Only Administrator level users can issue this command.

Example usage:

To create a user-defined authentication server group called “mix_1”:

DGS-3627:admin# create authen server_group mix_1

Command: create authen server_group mix_1

Success.

DGS-3627:admin#

config authen server_group

Purpose

This command is used to add or remove an authentication server host to or from the

specified server group.

Syntax

config authen server_group [tacacs | xtacacs | tacacs+ | radius | <string 15>] [add |

delete] server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]

Description

Adds or removes an authentication server host to or from the specified server group. The

built-in “tacacs”, “xtacacs”, “tacacs+”, and “radius” server groups only accept server hosts

with the same protocol, but a user-defined server group can accept server hosts with different

protocols. The server host must be created first by using the “create authen server_host” CLI

command.

Parameters

server_group tacacs

- Specify the built-in server group “tacacs”.

server_group xtacacs

- Specify the built-in server group “xtacacs”.

server_group tacacs+

- Specify the built-in server group “tacacs+”.

server_group radius

- Specify the built-in server group “radius”.

server_group

- Specify a user-defined server group.

add

- Add a server host to a server group.

delete

- Remove a server host from a server group.

server_host

- Specify the server host’s IP address.

protocol tacacs

- Specify TACACS for the server host’s authentication protocol

protocol xtacacs

- Specify XTACACS for the server host’s authentication protocol

protocol tacacs+

- Specify TACACS+ for the server host’s authentication protocol

protocol radius

- Specify RADIUS for the server host’s authentication protocol

Restrictions

Only Administrator level users can issue this command.

Example usage:

To add an authentication server host with an IP address of 10.1.1.222 to server group “mix_1”, specifying the TACACS+

protocol:

xStack

®

DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

66

DGS-3627:admin# config authen server_group mix_1 add server_host 10.1.1.222 protocol

tacacs+

Command: config authen server_group mix_1 add server_host 10.1.1.222 protocol tacacs+

Success.

DGS-3627:admin#

delete authen server_group

Purpose

This command is used to delete a user-defined authentication server group.

Syntax

delete authen server_group <string 15>

Description

Deletes a user-defined authentication server group.

Parameters

<string 15>

- Specify the user-defined server group name that will be deleted.

Restrictions

Only Administrator level users can issue this command.

Example usage:

To delete a user-defined authentication server group called “mix_1”:

DGS-3627:admin# delete authen server_group mix_1

Command: delete authen server_group mix_1

Success.

DGS-3627:admin#

show authen server_group

Purpose

This command is used to display the authentication server groups.

Syntax

show authen server_group {<string 15>}

Description

Displays the authentication server groups.

Parameters

<string 15>

- Specify the built-in or user-defined server group name to display.

Restrictions

Only Administrator level users can issue this command.

Example usage:

To display all authentication server groups: