How to configure Radius or TACACS authentication for switch management on N series switches

How to configure Radius or TACACS authentication for switch management on N series switches


This article explains how to configure TACACS or Radius authentication on N series switches.


To log into the switches with Radius credentials, the following is configured on the switch.

Note: When configuring alternate methods of switch management, please use a serial connection in case management is lost via remote management.

switch> enable
switch# config


The below command gives the authentication list the name Radius with the ability to log in with radius credentials, and if the radius server is down, fall back onto locally configured credentials.
switch(config)#aaa authentication login "Radius" radius local

The below command creates an enable authentication list called "RadEn" that contains the method radius. If this method fails, then the user will fail to execute the enable command.
switch(config)#aaa authentication enable "RadEn" radius

Then configure the Radius servers IP address, and shared key. The below example uses 10.0.0.254 as the radius servers IP address, and radius as the shared key configured on the radius server.
switch(config)#radius-server host 10.0.0.254
switch(config-auth-radius)#key radius


We then enable the Radius authentication list, and enable authentication list for Telnet below.
switch(config)#line telnet
switch(config-telnet)#login authentication Radius
switch(config-telnet)#enable authentication RadEn


The below configuration is a similar example using TACACS instead of Radius. The process is almost identical.


aaa authentication login "tacplus" tacacs local
aaa authentication enable "tacp" tacacs
tacacs-server host 10.0.0.254
key "tacacs"
exit
line telnet
login authentication tacplus
enable authentication tacp
exit


Here are some commands that show information about TACACS and Radius.


Show authentication methods Displays authentication configuration
Show radius statistics Displays radius authentication attempts, failures, and basic statistics.
Show aaa servers Shows all configured aaa servers and statistics
Show tacacs Shows configured TACACS servers
Show log Shows system logs and messages. Informs if Radius authentication attempts have been rejected by a server, and other useful information.


Need more help?

Dell KB Support

Find additional Product Resources

Dell Forum Support

Visit and ask for support in our Communities

Dell Contact Support

Create an online support Request





Article ID: HOW10768

Last Date Modified: 09/14/2019 01:23 AM


Rate this article

Accurate
Useful
Easy to understand
Was this article helpful?
Yes No
Send us feedback
Comments cannot contain these special characters: <>()\
Sorry, our feedback system is currently down. Please try again later.

Thank you for your feedback.