Dell Networking OS6 - How to configure Radius or Tacacs for switch management
Summary: This article explains how to configure TACACS or Radius authentication on N-series switches.
Instructions
Configuring the switch
In the examples, we configure the switch to authenticate using RADIUS or TACACS for Telnet login sessions only. This is a basic configuration; see the User Guide for your switch and firmware version on the Dell Support Site for more details and options.
Note: Command syntax differs between firmware versions only for the definition of the RADIUS server (noted in the example).
Note: RADIUS and the local user database cannot be used simultaneously. If the RADIUS server does not respond, login fails over to the next configured method. If the RADIUS server sends a response of "Auth Fail," the login process stops and the next configured login method is ignored.
The below command creates a login authentication list called "RadLogin" that contains the method radius. If this method fails, then the user fails to perform the enable command.
switch(config)#aaa authentication login "RadLogin" radius
Next, we create an enable authentication list called "RadEnable" that contains the method radius. If this method fails, then the user fails to perform the enable command.
switch(config)#aaa authentication enable "RadEnable" radius
Now we can configure the RADIUS server's IP address and shared key. The example below uses 10.0.0.254 as the RADIUS server's IP address and RadiusKey as the shared key configured on the RADIUS server.
- For firmware 6.3.x.x or earlier
switch(config)#radius-server host 10.0.0.254
- For firmware 6.4.x.x or later
switch(config)#radius server auth 10.0.0.254
switch(config-auth-radius)#key RadiusKey
switch(config-auth-radius)#exit
We then apply the RADIUS login authentication list and the enable authentication list to the Telnet line, as shown below.
switch(config)#line telnet
switch(config-telnet)#login authentication RadLogin
switch(config-telnet)#enable authentication RadEnable
The below configuration is a similar example using TACACS instead of Radius. The process is almost identical.
aaa authentication login "TacLogin" tacacs
aaa authentication enable "TacEnable" tacacs
tacacs-server host 10.0.0.254
key "TacacsKey"
exit
line telnet
login authentication TacLogin
enable authentication TacEnable
exit
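A mistyped list name or a server defined without its key is easy to miss in these configurations, so the following added example (not part of the original article and not Dell code) checks a saved configuration offline before it is applied. It recognises only the command forms shown above; the function name, the sample text and the assumption that key is entered in the server sub-mode for both firmware syntaxes are illustrative.

```python
import re

# Only the command forms shown in this article are recognised.
LIST_RE = re.compile(r'aaa authentication (login|enable) "?([^"\s]+)"? (.+)')
SERVER_RE = re.compile(r'(radius-server host|radius server auth|tacacs-server host) (\S+)')
APPLY_RE = re.compile(r'(login|enable) authentication "?([^"\s]+)"?')

# Constructed sample with three deliberate mistakes (not from a real switch).
BAD = """\
aaa authentication login "TacLogin" tacacs
aaa authentication enable "RadEnable" radius
radius server auth 10.0.0.254
exit
line telnet
login authentication TacLogin
enable authentication TacEnable
exit
"""

def audit_aaa(config):
    """Return findings for the AAA lists applied under 'line telnet'."""
    lists, servers, applied = {}, [], []
    ctx = None  # None, "telnet", or the dict of the server being configured
    for raw in config.splitlines():
        line = re.sub(r'^\S*#', '', raw.strip()).strip()  # drop a CLI prompt
        if m := LIST_RE.match(line):
            lists[(m[1], m[2])] = m[3].split()        # (kind, name) -> methods
        elif m := SERVER_RE.match(line):
            ctx = {"type": re.split(r'[- ]', m[1])[0], "ip": m[2], "key": False}
            servers.append(ctx)
        elif line == "line telnet":
            ctx = "telnet"
        elif line == "exit":
            ctx = None
        elif isinstance(ctx, dict) and line.startswith("key "):
            ctx["key"] = True                         # shared key was supplied
        elif ctx == "telnet" and (m := APPLY_RE.match(line)):
            applied.append((m[1], m[2]))
    findings = []
    for kind, name in applied:
        if (kind, name) not in lists:
            findings.append(f"{kind} list {name} is applied to telnet but not defined")
            continue
        for method in lists[(kind, name)]:
            if method in ("radius", "tacacs") and not any(s["type"] == method for s in servers):
                findings.append(f"{kind} list {name} uses {method} but no {method} server is defined")
    findings += [f"{s['type']} server {s['ip']} has no key" for s in servers if not s["key"]]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_aaa(BAD)))
```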
Here are some commands that show information about TACACS and Radius.
Command | Description
Show authentication methods | Displays authentication configuration
Show radius statistics | Displays radius authentication attempts, failures, and basic statistics
Show aaa servers | Shows all configured aaa servers and statistics
Show tacacs | Shows configured TACACS servers
Show log | Shows system logs and messages. Logs should show if Radius authentication attempts were rejected by a server, and other useful information.