Page 66 / 757 Scroll up to view Page 61 - 65
xStack
®
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
62
DGS-3627:admin# create authen_enable method_list_name enable_list_1
Command: create authen_enable method_list_name enable_list_1
Success.
DGS-3627:admin#
config authen_enable
Purpose
This command is used to configure a user-defined or default method list of authentication
methods for promoting a user's privilege to Admin level.
Syntax
config authen_enable [default | method_list_name <string 15>] method {tacacs |
xtacacs | tacacs+ | radius | server_group <string 15> | local _enable | none}(1)
Description
Configures a user-defined or default method list of authentication methods for promoting a
user's privilege to Admin level. The sequence of methods will affect the authentication result.
For example, if the sequence is tacacs+ first, followed by tacacs and local_enable, when a
user tries to login, the authentication request will be sent to the first server host in the tacacs+
built-in server group. If the first server host in the tacacs+ group is missing, the authentication
request will be sent to the second server host in the tacacs+ group, and so on. If all server
hosts in the tacacs+ group are missing, the authentication request will be sent to the first
server host in the tacacs group. If all server hosts in the tacacs group are missing, the local
enable password in the device will be used to authenticate the user’s password. The local
enable password in the device can be configured using the “config admin local_password”
CLI command.
Parameters
default
- Specify the default method list of authentication methods.
method_list_name
- Specify the user-defined method list of authentication methods.
tacacs
- Specify authentication by the built-in server group “tacacs”.
xtacacs
- Specify authentication by the built-in server group “xtacacs”.
tacacs+
- Specify authentication by the built-in server group “tacacs+”.
radius
- Specify authentication by the built-in server group “radius”.
server_group
- Specify authentication by the user-defined server group.
local_enable
- Specify authentication by the local enable password in the device.
none
- Specify no authentication.
Restrictions
Only Administrator level users can issue this command.
Example usage:
To configure a user-defined method list called “method_list_name” that will be used to promote a user's privilege to
Admin level:
DGS-3627:admin# config authen_enable method_list_name enable_list_1 method tacacs+ tac
acs local_enable
Command: config authen_ enable method_list_name enable_list_1 method tacacs+ tacac
s local_enable
Success.
DGS-3627:admin#
delete authen_enable method_list_name
Purpose
This command is used to delete a user-defined method list of authentication methods for
promoting a user's privilege to Admin level.
Syntax
delete authen_enable method_list_name <string 15>
Page 67 / 757
xStack
®
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
63
delete authen_enable method_list_name
Description
Deletes a user-defined method list of authentication methods for promoting a user's privilege
to Admin level.
Parameters
<string 15>
- The user-defined method list name
Restrictions
Only Administrator level users can issue this command.
Example usage:
To delete the user-defined method list called “enable_list_1”, that is used to promote a user's privilege to Admin level:
DGS-3627:admin# delete authen_enable method_list_name enable_list_1
Command: delete authen_enable method_list_name enable_list_1
Success.
DGS-3627:admin#
show authen_enable
Purpose
This command is used to display the method list of authentication methods for promoting a
user's privilege to Admin level.
Syntax
show authen_enable [default | method_list_name <string 15> | all]
Description
Displays the method list of authentication methods used for promoting a user's privilege to
Admin level.
Parameters
default
- Display the default user-defined method list for promoting a user's privilege to Admin
level.
method_list_name
- Display the specific user-defined method list for promoting a user's
privilege to Admin level.
all
- Display all the method lists for promoting a user's privilege to Admin level.
Restrictions
Only Administrator level users can issue this command.
Example usage:
To display all the method lists that are used for promoting a user's privilege to Admin level:
DGS-3627:admin# show authen_enable all
Command: show authen_enable all
Method List Name
Priority
Method Name
Comment
----------------
--------
---------------
------------------
enable_list_1
1
tacacs+
Built-in Group
2
tacacs
Built-in Group
3
mix_1
User-defined Group
4
local
Keyword
enable_list_2
1
tacacs+
Built-in Group
2
radius
Built-in Group
Total Entries : 2
DGS-3627:admin#
Page 68 / 757
xStack
®
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
64
config authen application
Purpose
This command is used to configure login or enable method lists for all or the specified
applications.
Syntax
config authen application [console | telnet | ssh | http | all] [login | enable] [default |
method_list_name <string 15>]
Description
Configures login or enable method lists for all or the specified applications.
Parameters
console
- Application: Console.
telnet
- Application: Telnet.
ssh
- Application: SSH.
http
- Application: Web.
all
- Application: Console, Telnet, SSH, and Web.
login
- Specify the method list of authentication methods for user’s attempting to log in.
enable
- Specify the method list of authentication methods for promoting a user's privilege to
Admin level.
default
- Specify the default method list.
method_list_name
- Specify the user-defined method list name.
Restrictions
Only Administrator level users can issue this command.
Example usage:
To configure a login method list for Telnet called “login_list_1”:
DGS-3627:admin# config authen application telnet login method_list_name login_list_1
Command: config authen application telnet login method_list_name login_list_1
Success.
DGS-3627:admin#
show authen application
Purpose
This command is used to display the login/enable method list for all applications.
Syntax
show authen application
Description
Displays the login/enable method list for all applications.
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example usage:
To display the login/enable method lists for all applications:
DGS-3627:admin# show authen application
Command: show authen application
Application
Login Method List
Enable Method List
-----------
-----------------
------------------
Console
default
default
Telnet
login_list_1
default
HTTP
default
default
DGS-3627:admin#
Page 69 / 757
xStack
®
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
65
create authen server_group
Purpose
This command is used to create a user-defined authentication server group.
Syntax
create authen server_group <string 15>
Description
Creates a user-defined authentication server group. The maximum number of supported
server groups, including the built-in server groups, is 8. Each group can have a maximum of
8 server hosts..
Parameters
<string 15>
- Specify the user-defined server group name.
Restrictions
Only Administrator level users can issue this command.
Example usage:
To create a user-defined authentication server group called “mix_1”:
DGS-3627:admin# create authen server_group mix_1
Command: create authen server_group mix_1
Success.
DGS-3627:admin#
config authen server_group
Purpose
This command is used to add or remove an authentication server host to or from the
specified server group.
Syntax
config authen server_group [tacacs | xtacacs | tacacs+ | radius | <string 15>] [add |
delete] server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]
Description
Adds or removes an authentication server host to or from the specified server group. The
built-in “tacacs”, “xtacacs”, “tacacs+”, and “radius” server groups only accept server hosts
with the same protocol, but a user-defined server group can accept server hosts with different
protocols. The server host must be created first by using the “create authen server_host” CLI
command.
Parameters
server_group tacacs
- Specify the built-in server group “tacacs”.
server_group xtacacs
- Specify the built-in server group “xtacacs”.
server_group tacacs+
- Specify the built-in server group “tacacs+”.
server_group radius
- Specify the built-in server group “radius”.
server_group
- Specify a user-defined server group.
add
- Add a server host to a server group.
delete
- Remove a server host from a server group.
server_host
- Specify the server host’s IP address.
protocol tacacs
- Specify TACACS for the server host’s authentication protocol
protocol xtacacs
- Specify XTACACS for the server host’s authentication protocol
protocol tacacs+
- Specify TACACS+ for the server host’s authentication protocol
protocol radius
- Specify RADIUS for the server host’s authentication protocol
Restrictions
Only Administrator level users can issue this command.
Example usage:
To add an authentication server host with an IP address of 10.1.1.222 to server group “mix_1”, specifying the TACACS+
protocol:
Page 70 / 757
xStack
®
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
66
DGS-3627:admin# config authen server_group mix_1 add server_host 10.1.1.222 protocol
tacacs+
Command: config authen server_group mix_1 add server_host 10.1.1.222 protocol tacacs+
Success.
DGS-3627:admin#
delete authen server_group
Purpose
This command is used to delete a user-defined authentication server group.
Syntax
delete authen server_group <string 15>
Description
Deletes a user-defined authentication server group.
Parameters
<string 15>
- Specify the user-defined server group name that will be deleted.
Restrictions
Only Administrator level users can issue this command.
Example usage:
To delete a user-defined authentication server group called “mix_1”:
DGS-3627:admin# delete authen server_group mix_1
Command: delete authen server_group mix_1
Success.
DGS-3627:admin#
show authen server_group
Purpose
This command is used to display the authentication server groups.
Syntax
show authen server_group {<string 15>}
Description
Displays the authentication server groups.
Parameters
<string 15>
- Specify the built-in or user-defined server group name to display.
Restrictions
Only Administrator level users can issue this command.
Example usage:
To display all authentication server groups:

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top