Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4112F-ON/S4112T-ON
1341134213431344134513461347134813491350
console Configure authorization for console-entered commands.
default Configure authorization for non-console-entered commands and commands entered in
non-console sessions, such as in SSH and VTY.
local Use the local username, password, and role entries configured with the username
password role command for command authorization.
group tacacs+ Use the TACACS+ servers configured with the tacacs-server host
command for command authorization.
Default Local authorization
Command Mode
CONFIGURATION
Usage
Information
Re-enter the command to configure additional authorization methods and CLI access. The authorization
methods in the method list execute in the order you configure them. Re-enter the methods to change the
order. The local authorization method remains enabled even if you remove all configured methods in the
list using the no aaa authorization command.
If a console user logs in with TACACS+ authorization, the role you configured for the user on the TACACS
+ server applies. If no role is configured on the security server, user authorization fails.
Example
OS10(config)# aaa authorization commands role sysadmin console group
tacacs+ local
OS10(config)# aaa authorization config-commands role sysadmin default
group tacacs+
OS10(config)# no aaa authorization commands role sysadmin console
Supported
Releases
10.5.1 or later
aaa re-authenticate enable
Requires user re-authentication after a change in the authentication method or server.
Syntax
aaa re-authenticate enable
Parameters None
Default Disabled
Command Mode EXEC
Usage
Information
After you enable user re-authentication and change the authentication method or server, users are logged
out of the switch and prompted to log in again to re-authenticate. User re-authentication is triggered by:
Adding or removing a RADIUS server as a configured server host with the radius-server host
command.
Adding or removing an authentication method with the aaa authentication [local |
radius] command.
The no version of the command disables user re-authentication.
Example
OS10(config)# aaa re-authenticate enable
Supported
Releases
10.4.0E(R1) or later
1346 Security