Cisco SFS7000P-SK9 Command Reference - Page 22

1-4

Cisco SFS 7000 Series Product Family Command Reference Guide

OL-9163-02

Chapter 1

Using the CLI

Entering CLI Modes

When local authentication is in effect and a user logs in, the user must be configured as a CLI user. The

login username and password are verified against the local CLI user database. If a match is found, the

login succeeds, and the user is assigned a pre-configured privilege level.

When TACACS+ authentication is in effect, the login username and password are passed to the

TACACS+ server for verification. The TACACS+ server verifies the login username and password, and

it sends back a reply. No TACACS+ user information is stored locally. The

show user all

command

shows local users only.

The

config TACACS-server host

command (see

config TACACS-server host, page 2-22

) configures the

IP address of TACACS+ servers. There can be three TACACS+ servers configured. The first server is

queried, the second server is queried if the first server is not reachable, and the third server is queried if

the both of the other servers are not reachable.

Cisco supports only TACACS+ authentication; therefore, no privilege level is verified against the

TACACS+ server. All users authenticated by the TACACS+ server are given unrestricted rights. If a

TACACS+ user makes changes to system configuration, the log will include the TACACS+ username

and the config information, just as it does for a local user.

Like RADIUS users, the TACACS+ users do not have associating SNMP community strings. There are

no SNMP logins for TACACS+ users.

Note

The following are limitations to TACACS+ authentication:

TACACS+ authorization and accounting are not supported.

TACACS+ single-connection not supported. Each login authentication makes its own connection to the

TACACS+ server.

TACACS+ user privilege level is always unrestricted.

Customizing the Login Prompt

The CLI checks the file

login-banner

for customized text to include in the prompt. Use the copy

command to place a file named

login-banner

in the config directory of the switch. You can do this with

FTP:

copy ftp://user:xxx.x.x.x/my-banner config:login-banner

Entering CLI Modes

The CLI uses the following three command modes:

•

User Execute mode

•

Privileged Execute mode

•

Global Configuration mode

local and then TACAS

Verifies against the chassis database then checks the TACAS client.

TACAS and then local

Checks the TACAS client and then verifies against the chassis

database.

Authentication

How it Works

Section	Page
Cisco SFS 7000 Series Product Family Command Reference Guide	1
Contents	3
Preface	11
Audience	11
Organization	11
Conventions	12
Related Documentation	13
Obtaining Documentation	13
Cisco.com	13
Product Documentation DVD	13
Ordering Documentation	14
Documentation Feedback	14
Cisco Product Security Overview	14
Reporting Security Problems in Cisco Products	15
Obtaining Technical Assistance	15
Cisco Technical Support & Documentation Website	16
Submitting a Service Request	16
Definitions of Service Request Severity	16
Obtaining Additional Publications and Information	17
Using the CLI	19
Setting up the Switch	19
Starting A CLI Session	20
Logging In	21
Authentication	21
Customizing the Login Prompt	22
Entering CLI Modes	22
Using User Execute Mode	23
Using Privileged Execute Mode	23
Using Global Configuration Mode	23
Exiting CLI Modes	24
Quick Help	24
Command Abbreviation	25
Editing the CLI	25
Exiting the CLI Session	26
Specifying Modules and Ports	27
Slot#/Port# Pairs	27
Ranges	27
Lists	27
The “all” Keyword	28
Using the Documentation	28
Synopsis	28
Syntax	28
Platform Availability	28
Command Modes	29
Privilege Level	29
Usage Guidelines	29
Examples	29
Defaults	29
Related Commands	29
Administrative Commands	31
Fibre Channel Commands	115
InfiniBand Commands	139
IP Commands	155
Show Commands	167
Diagnostic Commands	381
Running Diagnostic Tests	381

Cisco SFS7000P-SK9 Command Reference - Page 22

Customizing the Login Prompt, Entering CLI Modes

Page 22 highlights