Dell PowerConnect M6348 Cli Reference Manual page 130

Command line interface guide

The user password is saved internally in encrypted format and never appears in clear text
anywhere on the CLI.
The CLI supports TACACS+ and RADIUS authentication servers.
The CLI allows the user to configure primary and secondary authentication servers. If the
primary authentication server fails to respond within a configurable period, the CLI
automatically tries the secondary authentication server.
The user can specify whether the CLI should revert to using local user accounts when the
remote authentication servers do not respond, or simply fail the login attempt
because the authentication servers are down. This requirement applies only when the user
logs in through a Telnet or an SSH session.
The CLI always allows the user to log in to a local serial port even if the remote
authentication server(s) are down. In this case, the CLI reverts to using the locally configured
accounts to allow the user to log in.
User Access Control
In addition to authenticating a user, the CLI also assigns the user access to one of three security
levels. Level 1 has read-only access. This level allows the user to read information but not
configure the switch. The access to this level cannot be modified. Level 14 has access to all
functions within the switch except changing the mode. Level 15 is the special access level
assigned to the superuser of the switch. This level has full access to all functions within the
switch and cannot be modified.
If the user account is created and maintained locally, each user is given an access level at the
time of account creation. If the user is authenticated through remote authentication servers, the
authentication server is configured to pass the user access level to the CLI when the user is
authenticated. When RADIUS is used, the Vendor-Specific Option field returns the access level
for the user. Two vendor-specific options are supported. These are CISCO-AV-Pairs
(Shell:priv-lvl=x) and Dell RADIUS VSA (user-group=x). TACACS+ provides the appropriate level of
access.
The following rules and specifications apply:
The user determines whether remote authentication servers or locally defined user
authentication accounts are used.
If authentication servers are used, the user can identify at least two remote servers (the user
may choose to configure only one server) and what protocol to use with the server, TACACS+
or RADIUS. One of the servers is primary and the other is the secondary server (the user is not
required to specify a secondary server). If the primary server fails to respond in a configurable
time period, the CLI automatically attempts to authenticate the user with the secondary
server.
The user is able to specify what happens when both primary and secondary servers fail to
respond. In this case, the user is able to indicate that the CLI should either use the local user
accounts or reject all requests.
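
The following Python example is added here and is not taken from the Dell manual or the switch firmware. It parses the attribute section of a RADIUS reply, reads the Cisco AV-pair Shell:priv-lvl=x from the Vendor-Specific attribute (RFC 2865 type 26, Cisco vendor ID 9, sub-type 1), and accepts only the three levels described above. Falling back to level 1 when no valid level is present, and matching the key case-insensitively, are assumptions of this example; make_avpair only builds constructed sample data.

```python
import struct

VSA_TYPE = 26               # RADIUS Vendor-Specific attribute (RFC 2865)
CISCO_VENDOR_ID = 9         # IANA enterprise number for Cisco
CISCO_AVPAIR_TYPE = 1       # Cisco-AVPair vendor sub-attribute
VALID_LEVELS = {1, 14, 15}  # the three access levels this page describes
DEFAULT_LEVEL = 1           # assumption: least privilege if nothing valid is sent


def iter_attributes(buf):
    """Yield (type, value) for each type/length/value attribute in buf."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = buf[pos], buf[pos + 1]
        if a_len < 2 or pos + a_len > len(buf):
            raise ValueError("attribute length out of bounds")
        yield a_type, buf[pos + 2:pos + a_len]
        pos += a_len


def access_level(attrs):
    """Return the level from a Cisco AV-pair, or DEFAULT_LEVEL if none is valid.

    Raises ValueError when the attribute encoding itself is malformed.
    """
    for a_type, value in iter_attributes(attrs):
        if a_type != VSA_TYPE or len(value) < 6:
            continue
        (vendor_id,) = struct.unpack("!I", value[:4])
        if vendor_id != CISCO_VENDOR_ID:
            continue
        for sub_type, sub_val in iter_attributes(value[4:]):
            if sub_type != CISCO_AVPAIR_TYPE:
                continue
            key, _, val = sub_val.decode("ascii", "replace").partition("=")
            # Assumption: the key is compared case-insensitively.
            if key.lower() == "shell:priv-lvl" and val.isascii() and val.isdigit():
                if int(val) in VALID_LEVELS:
                    return int(val)
    return DEFAULT_LEVEL


def make_avpair(text, vendor_id=CISCO_VENDOR_ID):
    """Build a constructed Vendor-Specific attribute for testing (hypothetical helper)."""
    sub = bytes([CISCO_AVPAIR_TYPE, 2 + len(text)]) + text.encode("ascii")
    body = struct.pack("!I", vendor_id) + sub
    return bytes([VSA_TYPE, 2 + len(body)]) + body
```

Running this against the attributes your RADIUS server actually returns for each account shows which of the three levels a user would receive before the account is used on the switch.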
