Recovery mode users
When RADIUS is used, your RADIUS server provides a role ID to the D20MX. The role ID
defines which commands and displays the user is allowed to access while logged in to the
D20MX. To allow your RADIUS server to provide a role ID, configure your RADIUS server to
use the GE vendor profile that is common to many Multilin products. Refer to the B014-
1NCG WESMAINT II+ for the D20MX Configuration Guide for details on how to configure
your RADIUS server and the D20MX with the GE vendor profile. Also refer to Appendix A,
Default Role-Based Access Control Model for the default role based access control model
provided with the D20MX default configurations.
In the event all configured RADIUS servers are down or if RADIUS is not configured, the
D20MX authenticates the user against the local configuration and password file. Local
users are created with a default password of changeme. Use the passwd command from
the D20MX SHELL prompt to change the default password to a strong password as soon
as possible after downloading the configuration. Refer to the B014-1NCG WESMAINT II+
for the D20MX Configuration Guide for details on how to configure local user accounts and
change the password of a user.
The default configurations for the D20MX come with one default user account with:
Replace this account or change the password for this account as soon as possible. Refer to
the B014-1NCG WESMAINT II+ for the D20MX Configuration Guide for details on how to
modify user accounts and how to change the password of a user.
When the configuration is defaulted due to a corrupt header or if certain configuration
errors exist, the local user accounts becomes unusable. Rather than block access in such
scenarios, the D20MX enables a set of recovery mode users to allow you to recover the
system (see Table 19). The D20MX only allows someone to login with a recovery mode user
over the front RS232 port. The D20MX does not allow someone to login over SSH or SFTP
with a recovery mode user. The D20MX disables recovery mode users once a valid
configuration is synchronized to the D20MX.
Table 19: Recovery mode usernames and passwords
Recovery mode users are granted Read/Write level access to the SHELL.
The recovery mode users are enabled if any of the errors shown in Table 20 are seen on a
serial terminal connected to the front RS232 port of a D20MX. Correct the error as
described in the Remedy column.
CHAPTER 5: CONFIGURING THE SOFTWARE
D20MX HARDWARE USER'S MANUAL