Dell PowerSwitch S4112F-ON SmartFabric OS10 Security Best Practices Guide July - Page 8


    ▪ interface—Accesses Ethernet, fibre-channel, loopback, management, null, port-group, lag, breakout, range, port channel, and VLAN modes.
    ▪ route-map—Accesses route-map mode.
    ▪ router—Accesses router-bgp and router-ospf modes.
    ▪ line—Accesses line-vty mode.
  ○ priv-lvl privilege-level—Enter the number of a privilege level, from 2 to 14.
  ○ command-string—Enter the commands supported at the privilege level.
• Create a username and password, assign a role, and assign a privilege level in CONFIGURATION mode.

OS10(config)# username username password password role role priv-lvl privilege-level

  ○ username username—Enter a text string; 32 alphanumeric characters maximum; one character minimum.
  ○ password password—Enter a text string; 32 alphanumeric characters maximum; nine characters minimum.
  ○ role role—Enter a user role:
    ▪ sysadmin—Full access to all commands in the system, exclusive access to commands that manipulate the file system, and access to the system shell. A system administrator can create user IDs and user roles.
    ▪ secadmin—Full access to configuration commands that set security policy and system access, such as password strength, AAA authorization, and cryptographic keys. A security administrator can display security information, such as cryptographic keys, login statistics, and log information.
    ▪ netadmin—Full access to configuration commands that manage traffic flowing through the switch, such as routes, interfaces, and ACLs. A network administrator cannot access configuration commands for security features or view security information.
    ▪ netoperator—Access to EXEC mode to view the current configuration. A network operator cannot modify configuration settings on a switch.
  ○ priv-lvl privilege-level—Enter a privilege level, from 0 to 15.
    ▪ Level 0—Provides users the least privilege, restricting access to basic commands.
    ▪ Level 1—Provides access to a set of show commands and certain operations such as ping, traceroute, and so on.
    ▪ Level 15—Provides access to all available commands, equivalent to the commands permitted with the sysadmin role.
    ▪ Levels 0, 1, and 15—System-configured privilege levels with a predefined command set.
    ▪ Levels 2 to 14—Not configured. You can customize these levels for different users and access rights.
• Configure an enable password for each privilege level in CONFIGURATION mode. Use the enable password command to switch between privilege levels and access the commands that are supported at each level.

OS10(config)# enable password encryption-type password-string priv-lvl privilege-level
OS10(config)# exit
OS10# write memory

  ○ encryption-type—Enter an encryption type for the password entry:
    ▪ 0—Use plain text with no password encryption.
    ▪ sha-256—Encrypt the password using the SHA-256 algorithm.
    ▪ sha-512—Encrypt the password using the SHA-512 algorithm.
    NOTE: Ensure that you use either sha-256 or sha-512 encryption for your passwords.
  ○ priv-lvl privilege-level—Enter a privilege level, from 1 to 15.

NOTE: Use SHA-256 or SHA-512 for password encryption.

OS10(config)# privilege exec priv-lvl 12 "show version"
OS10(config)# privilege exec priv-lvl 12 "configure terminal"
OS10(config)# privilege configure priv-lvl 12 "interface ethernet"
OS10(config)# privilege interface priv-lvl 12 "ip address"
OS10(config)# username delluser password $6$Yij02Phe2n6whp7b$ladskj0HowijIlkajg981 role secadmin priv-lvl 12
OS10(config)# enable password sha-256 $5$2uThib1o$84p.tykjmz/w7j26ymoKBjrb7uepkUB priv-lvl 12
OS10(config)# exit
OS10# write memory
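As an added example (not part of the Dell guide or of OS10 itself), the following Python script audits a set of CONFIGURATION-mode lines like the ones above against the guide's rules: user and enable passwords must be sha-256 ($5$) or sha-512 ($6$) hashes rather than encryption-type 0, the stated encryption type must match the hash prefix, and every customized level (2 to 14) that has privilege commands assigned must also have an enable password. The sample configuration, the extra level 9 command, and the plain-text placeholder values are constructed for the example; the two hashes are the ones quoted on this page.

```python
import re

# Constructed sample of OS10 CONFIGURATION-mode commands: the two hashes are the ones
# quoted on this page, the plain-text values are made-up placeholders.
SAMPLE_CONFIG = """\
privilege exec priv-lvl 12 "show version"
privilege exec priv-lvl 12 "configure terminal"
privilege configure priv-lvl 12 "interface ethernet"
privilege interface priv-lvl 12 "ip address"
privilege exec priv-lvl 9 "show running-configuration"
username delluser password $6$Yij02Phe2n6whp7b$ladskj0HowijIlkajg981 role secadmin priv-lvl 12
username helpdesk password PlainTextPlaceholder1 role netoperator priv-lvl 1
enable password sha-256 $5$2uThib1o$84p.tykjmz/w7j26ymoKBjrb7uepkUB priv-lvl 12
enable password 0 PlainTextPlaceholder2 priv-lvl 15
"""

# crypt(3)-style hash string as written by the sha-256 ($5$) and sha-512 ($6$) types
HASH_RE = re.compile(r"^\$(?P<id>[56])\$[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]+$")
TYPE_TO_ID = {"sha-256": "5", "sha-512": "6"}
SYSTEM_LEVELS = {0, 1, 15}  # predefined levels; 2-14 are the customizable ones


def audit(config: str) -> list[str]:
    """Return one finding per weak or inconsistent credential or privilege line."""
    findings, privilege_levels, enable_levels = [], set(), set()
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        level = int(words[words.index("priv-lvl") + 1]) if "priv-lvl" in words else None
        if words[0] == "privilege" and level is not None:
            privilege_levels.add(level)
        elif words[0] == "username":
            # words: username <name> password <secret> role <role> priv-lvl <n>
            if not HASH_RE.match(words[3]):
                findings.append(f"username {words[1]}: password is not a sha-256/sha-512 hash")
        elif words[:2] == ["enable", "password"]:
            # words: enable password <encryption-type> <secret> priv-lvl <n>
            enc_type, secret = words[2], words[3]
            enable_levels.add(level)
            if enc_type == "0":
                findings.append(f"enable password priv-lvl {level}: encryption-type 0 (plain text)")
            elif not (m := HASH_RE.match(secret)) or m["id"] != TYPE_TO_ID.get(enc_type):
                findings.append(f"enable password priv-lvl {level}: hash does not match {enc_type}")
    # A customized level with commands but no enable password cannot be entered at all
    for level in sorted(privilege_levels - enable_levels - SYSTEM_LEVELS):
        findings.append(f"priv-lvl {level}: commands assigned but no enable password configured")
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports the plain-text helpdesk password, the encryption-type 0 enable password at level 15, and level 9 having commands but no enable password; the two hashed entries from the guide pass.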
8
OS10 security best practices