Manualshelf

Setup Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S5048F-ON
831832833834835836837838839840
VTY Line and Access-Class Conguration
Various methods are available to restrict VTY access in . These depend on which authentication scheme you use — line, local, or remote.
Table 94. VTY Access
Authentication Method VTY access-class support? Username access-class
support?
Remote authorization support?
Line YES NO NO
Local NO YES NO
TACACS+ YES NO YES (with version 5.2.1.0 and
later)
RADIUS YES NO YES (with version 6.1.1.0 and
later)
provides several ways to congure access classes for VTY lines, including:
VTY Line Local Authentication and Authorization
VTY Line Remote Authentication and Authorization
VTY Line Local Authentication and Authorization
retrieves the access class from the local database.
To use this feature:
1 Create a username.
2 Enter a password.
3 Assign an access class.
4 Enter a privilege level.
You can assign line authentication on a per-VTY basis; it is a simple password authentication, using an access-class as authorization.
Congure local authentication globally and congure access classes on a per-user basis.
can assign dierent access classes to dierent users by username. Until users attempt to log in, does not know if they will be assigned a
VTY line. This means that incoming users always see a login prompt even if you have excluded them from the VTY line with a deny-all
access class. After users identify themselves, retrieves the access class from the local database and applies it. ( then can close the
connection if a user is denied access.)
NOTE
: If a VTY user logs in with RADIUS authentication, the privilege level is applied from the RADIUS server only if you
congure RADIUS authentication.
The following example shows how to allow or deny a Telnet connection to a user. Users see a login prompt even if they cannot log in. No
access class is congured for the VTY line. It defaults from the local database.
Example of Conguring VTY Authorization Based on Access Class Retrieved from a Local Database (Per User)
DellEMC(conf)#user gooduser password abc privilege 10 access-class permitall
DellEMC(conf)#user baduser password abc privilege 10 access-class denyall
DellEMC(conf)#
DellEMC(conf)#aaa authentication login localmethod local
DellEMC(conf)#
DellEMC(conf)#line vty 0 9
DellEMC(config-line-vty)#login authentication localmethod
DellEMC(config-line-vty)#end
Security
833