948 | Securityw w w . d e l l . c o m | s u p p o r t . d e l l . c o mVTY Line and Access-Class ConfigurationVarious methods are available to restrict VTY access in FTOS. These depend on which authenticationscheme you use — line, local, or remote:FTOS provides several ways to configure access classes for VTY lines, including:• VTY Line Local Authentication and Authorization on page 948• VTY Line Remote Authentication and Authorization on page 949VTY Line Local Authentication and AuthorizationFTOS retrieves the access class from the local database. To use this feature:1. Create a username2. Enter a password3. Assign an access class4. Enter a privilege levelLine authentication can be assigned on a per-VTY basis; it is a simple password authentication, using anaccess-class as authorization.Local authentication is configured globally. You configure access classes on a per-user basis.FTOS can assign different access classes to different users by username. Until users attempt to log in,FTOS does not know if they will be assigned a VTY line. This means that incoming users always see alogin prompt even if you have excluded them from the VTY line with a deny-all access class. Once usersidentify themselves, FTOS retrieves the access class from the local database and applies it. (FTOS alsosubsequently can close the connection if a user is denied access).Figure 45-16 shows how to allow or deny a Telnet connection to a user. Users will see a login prompt, evenif they cannot login. No access class is configured for the VTY line. It defaults from the local database.Table 45-1. VTY AccessAuthentication MethodVTY access-classsupport?Usernameaccess-classsupport? Remote authorization support?Line YES NO NOLocal NO YES NOTACACS+ YES NO YES (with FTOS 5.2.1.0 and later)RADIUS YES NO YES (with FTOS 6.1.1.0 and later)