DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual
177
Figure 5 - 40 Login Method Lists window
The Switch contains one Method List that is set and cannot be rem oved, yet can be modified. To delete a Login
Method List defined by the user, click the corressponding Delete button. To modify a Login Method List, click on its
corresponding Edit button.
To define a Login Method List, set the following parameters and click Apply:
Parameter Description
Method List Name Enter a method list name defined by the user of up to 15 characters.
Priority 1, 2, 3, 4 The user may add one, or a combination of up to four of the following authenticat ion
methods to this method list:
tacacs – Adding this parameter will requ ire the user to be aut henticated us ing the T ACACS
protocol from a remote TACACS server.
xtacacs – Adding this parameter will require the user to be authenticated us ing the
XTACACS protocol from a remote XTACACS server.
tacacs+ – Adding this parameter will require the user to be authenticated using the
TACACS+ protocol from a remote TACACS+ server.
radius – Adding this param eter will require the user to be authenticated using t he RADIUS
protocol from a remote RADIUS server.
server_group – Adding this parameter will require the user to be a uthentic ated using a user -
defined server group previously configured on the Switch.
local – Adding this par ameter will requir e the user to be authenticated using t he local user
account database on the Switch.
none – Adding this parameter will require no authentication to access the S witch.
Enable Method Lists The Enable Method List Settings window is used to set up Method Lists to promote users with user level privileges
to Administrator (Admin) level privileges using authentication methods on the Switch. Once a user acquires norm al
user level privileges on the Switch, he or she must be authenticat ed by a m ethod on th e Switch to g ain administr ator
privileges on the Switch, which is defined by the Administrator. A maximum of eight Enable Method Lists can be
implemented on the Switch, one of which is a default Enable M ethod List. T his default Enable Method List canno t be
deleted but can be configured.
The sequence of methods implemented in this command will aff ect the authentication res ult. For example, if a user
enters a sequence of methods like TACACS - XTACACS - Local Enable, the Switch will send an authentication
request to the first TACACS host in the server group. If no verification is foun d, the Swi tch wi ll send an a uthentica tion
request to the second TACACS host in the server group and so on, until the list is exhausted. At that point, t he Switc h
will restart the same sequence with the following protocol listed, XTACACS. If no auth entication tak es place using the
XTACACS list, the Local Enable password set in the Switch is used to aut henticate the user.
Successful authentication using any of these methods will give the user an "Admin" privilege.