Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products
Sign In Create an Account Premier Sign In Partner Program Sign In
Contact Us

How to configure Radius or TACACS authentication for switch management on N-series switches

Summary: This article explains how to configure TACACS or Radius authentication on N-series switches.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

Configuring the switch

In the examples, we configure the switch to authenticate using radius or TACACS for telnet login sessions only. This is a basic configuration - see the User Guide for your switch and firmware version for more details and options on the Dell Support Site.

Note: Command syntax is different between firmware versions for the definition of the radius server only (noted in the example).

Note: Both RADIUS and the local user database cannot be used simultaneously. If the radius server does not respond, radius login failover occurs to the next configured option. If the RADIUS server sends a response of "Auth Fail," the login process stops and the next configured login method is ignored.


The below command creates a login authentication list called "RadLogin" that contains the method radius. If this method fails, then the user fails to perform the enable command.

switch(config)#aaa authentication login "RadLogin" radius


Next, we create an enable authentication list called "RadEnable" that contains the method radius. If this method fails, then the user fails to perform the enable command.

switch(config)#aaa authentication enable "RadEnable" radius


Now we can configure the Radius server's IP address, and shared key. The below example uses 10.0.0.254 as the radius server's IP address, and RadiusKey as the shared key configured on the radius server.
  • For firmware 6.3.x.x or earlier
    • switch(config)#radius-server host 10.0.0.254
  • For firmware 6.4.x.x or later
    • switch(config)#radius server auth 10.0.0.254
switch(config-auth-radius)#key RadiusKey
switch(config-auth-radius)#exit


We then enable the Radius authentication list, and enable authentication list for Telnet below.

switch(config)#line telnet
switch(config-telnet)#login authentication RadLogin
switch(config-telnet)#enable authentication RadEnable


The below configuration is a similar example using TACACS instead of Radius. The process is almost identical.
 
aaa authentication login "TacLogin" tacacs 
aaa authentication enable "TacEnable" tacacs
tacacs-server host 10.0.0.254
key "TacacsKey"
exit
line telnet
login authentication TacLogin
enable authentication TacEnable
exit

Here are some commands that show information about TACACS and Radius.
 
Show authentication methods Displays authentication configuration
Show radius statistics Displays radius authentication attempts, failures, and basic statistics
Show aaa servers Shows all configured aaa servers and statistics
Show tacacs Shows configured TACACS servers
Show log Shows system logs and messages. Informs if Radius authentication attempts are rejected by a server, and other useful information.

Affected Products

PowerSwitch N1100-ON Series, PowerSwitch N1500 Series, PowerSwitch N3000 Series, PowerSwitch N4000 Series

Products

N Series, PowerSwitch N1100-ON Series, PowerSwitch N1500 Series, PowerSwitch N2000 Series, PowerSwitch N2100 Series, PowerSwitch N2200-ON Series, PowerSwitch N3000 Series, Dell EMC PowerSwitch N3000E-ON Series, Dell EMC PowerSwitch N3100 Series , Dell EMC Networking N3200-ON ...
Article Properties
Article Number: 000112951
Article Type: How To
Last Modified: 04 Feb 2022
Version:  7
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.