Web – Click Security, User Accounts. To configure a new user account, specify a
user name, select the user's access level, then enter a password and confirm it.
Click Add to save the new user account and add it to the Account List. To change the
password for a specific user, enter the user name and new password, confirm the
password by entering it again, then click Apply.
CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the
password.
Console(config)#username bob access-level 15
Console(config)#username bob password 0 smith
Console(config)#
Configuring Local/Remote Logon Authentication
Use the Authentication
Settings menu to restrict
management access based
on specified user names
and passwords. You can
manually configure access
rights on the switch, or you
can use a remote access
authentication server based
on RADIUS or TACACS+
protocols.
Remote Authentication Dial-in User Service (RADIUS) and Terminal Access
Controller Access Control System Plus (TACACS+) are logon authentication
protocols that use software running on a central server to control access to
RADIUS-aware or TACACS-aware devices on the network. An authentication server
Figure 3-1 User Accounts
Web
Telnet
RADIUS/
TACACS+
server
User Authentication
1. Client attempts management access.
2. Switch contacts authentication server.
3. Authentication server challenges client.
4. Client responds with proper password or key.
5. Authentication server approves access.
6. Switch grants management access.
4-76
console
3-55