xStack® DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
DGS-3627:admin# show authen server_group
Command: show authen server_group
Server Group : mix_1
Group Name      IP Address      Protocol
--------------- --------------- --------
mix_1           10.1.1.222      TACACS+
                10.1.1.223      TACACS
radius          10.1.1.224      RADIUS
tacacs          10.1.1.225      TACACS
tacacs+         10.1.1.226      TACACS+
xtacacs         10.1.1.227      XTACACS
Total Entries : 5
DGS-3627:admin#
create authen server_host
Purpose
This command is used to create an authentication server host.
Syntax
create authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] { port <int 1-65535> | key [<key_string 254> | none] | timeout <int 1-255> | retransmit <int 1-20> }
Description
Creates an authentication server host. When an authentication server host is created, the IP
address and protocol are the index. This means that more than one authentication protocol
service can be run on the same physical host. The maximum number of supported server
hosts is 16.
Parameters
server_host - Specify the server host’s IP address.
protocol tacacs - Specify that the server host’s authentication protocol will be TACACS.
protocol xtacacs - Specify that the server host’s authentication protocol will be XTACACS.
protocol tacacs+ - Specify that the server host’s authentication protocol will be TACACS+.
protocol radius - Specify that the server host’s authentication protocol will be RADIUS.
port - The port number of the authentication protocol for the server host. Default value for TACACS/XTACACS/TACACS+ is 49. Default value for RADIUS is 1812.
key - The key for TACACS+ and RADIUS authentication. If the value is null, no encryption will apply. This value is meaningless for TACACS and XTACACS.
none - No encryption for TACACS+ and RADIUS authentication. This value is meaningless for TACACS and XTACACS.
timeout - The time in seconds to wait for the server reply. Default value is 5 seconds.
retransmit - The count for re-transmissions. This value is meaningless for TACACS+. Default value is 2.
Restrictions
Only Administrator level users can issue this command.
Example usage:
To create a TACACS+ authentication server host, specifying a listening port number of 15555 and a timeout value of 10
seconds:
DGS-3627:admin# create authen server_host 10.1.1.222 protocol tacacs+ port 15555 timeout 10
Command: create authen server_host 10.1.1.222 protocol tacacs+ port 15555 timeout 10
Success.
DGS-3627:admin#
config authen server_host
Purpose
This command is used to configure an authentication server host.
Syntax
config authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] { port <int 1-65535> | key [<key_string 254> | none] | timeout <int 1-255> | retransmit <int 1-20> }
Description
Configures an authentication server host.
Parameters
server_host - Specify the server host’s IP address.
protocol tacacs - Specify that the server host’s authentication protocol will be TACACS.
protocol xtacacs - Specify that the server host’s authentication protocol will be XTACACS.
protocol tacacs+ - Specify that the server host’s authentication protocol will be TACACS+.
protocol radius - Specify that the server host’s authentication protocol will be RADIUS.
port - The port number of the authentication protocol for the server host. Default value for TACACS/XTACACS/TACACS+ is 49. Default value for RADIUS is 1812.
key - The key for TACACS+ and RADIUS authentication. If the value is null, no encryption will apply. This value is meaningless for TACACS and XTACACS.
none - No encryption for TACACS+ and RADIUS authentication. This value is meaningless for TACACS and XTACACS.
timeout - The time in seconds to wait for the server reply. Default value is 5 seconds.
retransmit - The count for re-transmissions. This value is meaningless for TACACS+. Default value is 2.
Restrictions
Only Administrator level users can issue this command.
Example usage:
To configure the TACACS+ authentication server host with an IP address of 10.1.1.222 to have the key value “This is a secret”:
DGS-3627:admin# config authen server_host 10.1.1.222 protocol tacacs+ key "This is a secret"
Command: config authen server_host 10.1.1.222 protocol tacacs+ key "This is a secret"
Success.
DGS-3627:admin#
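The following Python example is added here and is not part of the D-Link manual. It replays create, config and delete authen server_host commands into the effective host table, indexed by (IP address, protocol) as the Description above states, and reports hosts whose exchange has no key protection. The function names, the sample command history and the assumption that a host created without a key has none are this example's own.

```python
import shlex
# Defaults and ranges as stated in the manual's parameter descriptions.
DEFAULT_PORT = {"tacacs": 49, "xtacacs": 49, "tacacs+": 49, "radius": 1812}
RANGES = {"port": (1, 65535), "timeout": (1, 255), "retransmit": (1, 20)}

def replay(lines):
    """Replay create/config/delete server_host commands into effective state."""
    hosts = {}  # keyed by (ip, protocol): the manual calls this pair the index
    for line in lines:
        tok = shlex.split(line)
        if len(tok) < 6 or tok[1:3] != ["authen", "server_host"] or tok[4] != "protocol":
            continue  # not a server_host command
        verb, idx, opts = tok[0], (tok[3], tok[5]), tok[6:]
        if tok[5] not in DEFAULT_PORT or len(opts) % 2:
            raise ValueError(f"malformed command: {line!r}")
        if verb == "delete":
            hosts.pop(idx, None)
            continue
        if verb == "create":
            # Assumption: a host created without 'key' starts with no key.
            hosts[idx] = dict(port=DEFAULT_PORT[tok[5]], key=None, timeout=5, retransmit=2)
        elif verb != "config" or idx not in hosts:
            raise ValueError(f"unknown verb or host: {line!r}")
        for name, value in zip(opts[::2], opts[1::2]):
            if name == "key" and len(value) <= 254:
                hosts[idx]["key"] = None if value == "none" else value
            elif name in RANGES and RANGES[name][0] <= int(value) <= RANGES[name][1]:
                hosts[idx][name] = int(value)
            else:
                raise ValueError(f"bad option {name} {value!r} in: {line!r}")
    return hosts

def audit(hosts):
    """List server hosts whose authentication exchange is not key-protected."""
    findings = []
    for (ip, proto), h in sorted(hosts.items()):
        if proto in ("tacacs", "xtacacs"):
            findings.append(f"{ip} {proto}: key is meaningless for this protocol")
        elif h["key"] is None:
            findings.append(f"{ip} {proto}: no key set, no encryption will apply")
    return findings

SAMPLE = [  # constructed command history, not taken from a real device
    'create authen server_host 10.1.1.222 protocol tacacs+ port 15555 timeout 10',
    'config authen server_host 10.1.1.222 protocol tacacs+ key "This is a secret"',
    'create authen server_host 10.1.1.222 protocol radius',
    'create authen server_host 10.1.1.225 protocol tacacs',
    'create authen server_host 10.1.1.226 protocol tacacs+ key none',
]
```

Calling audit(replay(SAMPLE)) reports the RADIUS entry on 10.1.1.222 separately from the keyed TACACS+ entry on the same address, because the two are distinct index entries.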
delete authen server_host
Purpose
This command is used to delete an authentication server host.
Syntax
delete authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]
Description
Deletes an authentication server host.
Parameters
server_host - Specify the server host’s IP address.
protocol tacacs - Specify that the server host’s authentication protocol is TACACS.
protocol xtacacs - Specify that the server host’s authentication protocol is XTACACS.
protocol tacacs+ - Specify that the server host’s authentication protocol is TACACS+.
protocol radius - Specify that the server host’s authentication protocol is RADIUS.
Restrictions
Only Administrator level users can issue this command.
Example usage:
To delete an authentication server host, with an IP address of 10.1.1.222, that is running the TACACS+ protocol:
DGS-3627:admin# delete authen server_host 10.1.1.222 protocol tacacs+
Command: delete authen server_host 10.1.1.222 protocol tacacs+
Success.
DGS-3627:admin#
show authen server_host
Purpose
This command is used to display the authentication server hosts.
Syntax
show authen server_host
Description
Displays the authentication server hosts.
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example usage:
To display all authentication server hosts:
DGS-3627:admin# show authen server_host
Command: show authen server_host
SRV IP Address  Protocol Port  Timeout Retransmit Key
--------------- -------- ----- ------- ---------- -------------------------
10.1.1.222      TACACS+  15555 10      No Use
Total Entries : 1
DGS-3627:admin#
config authen parameter response_timeout
Purpose
This command is used to configure the amount of time the Switch will wait for a user to
authenticate through a console, Telnet, or SSH application.
Syntax
config authen parameter response_timeout <int 0-255>
Description
Configure the amount of time the Switch will wait for a user to authenticate through a
console, Telnet, or SSH application.
Parameters
<int 0-255> - The amount of time the Switch will wait for a user to authenticate through a console, Telnet, or SSH application. 0 means there is no time out. Default value is 30 seconds.
Restrictions
Only Administrator level users can issue this command.
Example usage:
To configure the amount of time the Switch will wait for a user to authenticate through a console, Telnet, or SSH
application to 60 seconds:
DGS-3627:admin# config authen parameter response_timeout 60
Command: config authen parameter response_timeout 60
Success.
DGS-3627:admin#
config authen parameter attempt
Purpose
This command is used to configure the maximum number of attempts a user can try to login
or promote the privilege on a console, Telnet, or SSH application.
Syntax
config authen parameter attempt <int 1-255>
Description
Used to configure the maximum number of attempts that a user can try to login or promote the privilege on a console, Telnet, or SSH application. If the number of failed login attempts exceeds this number, the connection or access will be locked.
Parameters
<int 1-255> - Specify the maximum number of attempts that a user can try to login or promote the privilege on a console, Telnet, or SSH application. Default value is 3.
Restrictions
Only Administrator level users can issue this command.
Example usage:
To configure the maximum attempts for users trying to login or promote the privilege to be 9:
DGS-3627:admin# config authen parameter attempt 9
Command: config authen parameter attempt 9
Success.
DGS-3627:admin#
show authen parameter
Purpose
This command is used to display the parameters of authentication.
Syntax
show authen parameter
Description
Displays the parameters of authentication.
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example usage:
To display the parameters of authentication:
DGS-3627:admin# show authen parameter
Command: show authen parameter
Response timeout : 60 seconds
User attempts    : 9
DGS-3627:admin#
enable admin
Purpose
This command is used to enter the administrator level privilege.
Syntax
enable admin
Description
Promotes the "user" privilege level to the "admin" level. When the user enters this command, the authentication method tacacs, xtacacs, tacacs+, user-defined server groups, local_enable or none will be used to authenticate the user. Because TACACS, XTACACS and RADIUS do not support the "enable" function by themselves, a user who wants to use any of these three protocols for enable authentication must first create a special account on the server host with the username "enable", and then configure its password as the enable password to support the "enable" function.
This command cannot be used when the authentication policy is disabled.
For switches with 3 levels of privilege, this command can be used by users with user level and operator level privileges to access the administrator privilege level.
Parameters
None.
Restrictions
None.
Example usage:
To enable administrator level privileges:
DGS-3627:user# enable admin
Password:********
DGS-3627:user#
config admin local_enable
Purpose
This command is used to configure the local enable password of the administrator level
privilege.
Syntax
config admin local_enable
Description
Configures the local enable password for the enable command. When the user chooses the “local_enable” method to promote the privilege level, the enable password of the local device is needed.
When the password information is not specified in the command, the system will prompt the user to input the password interactively. In this case, the user can only input a plain text password. If the password is present in the command, the user can choose to input the password in plain text or encrypted form. The encryption algorithm is based on SHA-1.
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example usage:
To configure the administrator password:
