API Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4248FB-ON /S4248FBL-ON

1031

tacacs-server vrf

Creates an association between a TACACS server group and a VRF and source interface.

Syntax

tacacs-server vrf {management | vrf-name}

Parameters

● management — Enter the keyword to associate TACACS servers to the management VRF instance.

This option restricts the TACACS server association to the management VRF only.

● vrf-name — Enter the keyword then the name of the VRF to associate TACACS servers with that

VRF.

Defaults None.

Command Mode CONFIGURATION

Usage

Information

Use this command to associate TACACS servers with a VRF instance. If you do not configure a VRF in

the TACACS server list, the servers are on the default VRF instance. TACACS server lists and VRFs have

one-to-one mapping. When you remove the VRF instance, the TACACS server lists are also removed

automatically.

The no version of this command resets the value to the default.

Example

[no] tacacs-server management

[no] tacacs-server vrf red

Supported

Releases

10.4.3.0E or later

SSH server

In OS10, the secure shell server allows an SSH client to access an OS10 switch through a secure, encrypted connection. The

SSH server authenticates remote clients using RADIUS challenge/response, a trusted host file, locally-stored passwords, and

public keys.

Configure SSH server

● The SSH server is enabled by default. You can disable the SSH server using the no ip ssh server enable command.

● Challenge response authentication is disabled by default. To enable, use the ip ssh server challenge-response-

authentication command.

● Host-based authentication is disabled by default. To enable, use the ip ssh server hostbased-authentication

command.

● Password authentication is enabled by default. To disable, use the no ip ssh server password-authentication

command.

● Public key authentication is enabled by default. To disable, use the no ip ssh server pubkey-authentication

command.

● Password-less login is disabled by default. To enable, use the username sshkey or username sshkey filename

commands.

● Configure the list of cipher algorithms using the ip ssh server cipher cipher-list command.

● Configure key exchange algorithms using the ip ssh server kex key-exchange-algorithm command.

● Configure hash message authentication code (HMAC) algorithms using the ip ssh server mac hmac-algorithm

command.

● Configure the SSH server listening port using the ip ssh server port port-number command.

● Configure the SSH server to be reachable on the management VRF using the ip ssh server vrf command.

● Configure the SSH login timeout using the ip ssh server login-grace-time seconds command, from 0 to 300;

default 60. To reset the default SSH prompt timer, use the no ip ssh server login-grace-time command.

● Configure the maximum number of authentication attempts using the ip ssh server max-auth-tries number

command, from 0 to 10; default 6. To reset the default, use the no ip ssh server max-auth-tries command.

The max-auth-tries value includes all authentication attempts, including public-key and password. If you enable both,

public-key based authentication and password authentication, the public-key authentication is the default and is tried first. If

1038

Security