Dell S4148U-ON OS10 Enterprise Edition User Guide Release 10.4.0E R2 - Page 454
Assign user role, RADIUS authentication
Assign user role

To limit OS10 system access, assign a role when you configure each user. For password requirements, see Configure user name and password.

• Enter a user name, password, and role in CONFIGURATION mode.

    username username password password role role

  • username username - Enter a text string (up to 32 alphanumeric characters; 1 character minimum).
  • password password - Enter a text string (up to 32 alphanumeric characters; 9 characters minimum).
  • role role - Enter a user role:
    • sysadmin - Full access to all commands in the system, exclusive access to commands that manipulate the file system, and access to the system shell. A system administrator can create user IDs and user roles.
    • secadmin - Full access to configuration commands that set security policy and system access, such as password strength, AAA authorization, and cryptographic keys. A security administrator can display security information, such as cryptographic keys, login statistics, and log information.
    • netadmin - Full access to configuration commands that manage traffic flowing through the switch, such as routes, interfaces, and ACLs. A network administrator cannot access configuration commands for security features or view security information.
    • netoperator - Access to EXEC mode to view the current configuration. A network operator cannot modify any configuration setting on a switch.

Create user role

    OS10(config)# username smith password silver403! newuser role sysadmin

View users

    OS10(config)# do show users
    Index  Line   User   Role      Application  Idle  Location  Login-Time           Lock
    1      ttyS0  admin  sysadmin  login/clish  .     -         2016-04-14 02:06:00

RADIUS authentication

To configure a RADIUS server for authentication, enter the server's IP address or host name. You can change the UDP port number on the server and the key used to authenticate the OS10 switch on the server.

• Configure a RADIUS authentication server in CONFIGURATION mode. By default, a RADIUS server uses UDP port 1812; the switch uses radius_server as the key to log in to a RADIUS server.

    radius-server host {hostname | ip-address} [auth-port port-number | key authentication-key]

Re-enter the radius-server host command multiple times to configure more than one RADIUS server. If you configure multiple RADIUS servers, OS10 attempts to connect in the order you configured them. An OS10 switch connects with the configured RADIUS servers one at a time, until a RADIUS server responds with an accept or reject response.

Configure global settings for the timeout and retransmit attempts allowed on RADIUS servers by using the radius-server retransmit and radius-server timeout commands. By default, OS10 supports three RADIUS authentication attempts and times out after five seconds.

• Configure the number of times OS10 retransmits a RADIUS authentication request in CONFIGURATION mode (0 to 100 retries; default 3).

    radius-server retransmit retries
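An added example, not part of the Dell guide: a Python audit of command lines written in the syntax above (for instance a provisioning template) that flags sysadmin assignments, passwords outside the stated length limits, and RADIUS servers left on the default key radius_server, and lists the servers in the order they are tried. The sample lines, the addresses, and the rule that options re-entered for one host accumulate are assumptions.

```python
import re

ROLES = {"sysadmin", "secadmin", "netadmin", "netoperator"}  # roles listed on this page
DEFAULT_KEY, DEFAULT_PORT = "radius_server", 1812            # defaults stated on this page

USER_RE = re.compile(r"username\s+(\S+)\s+password\s+(\S+)\s+role\s+(\S+)")
RADIUS_RE = re.compile(r"radius-server\s+host\s+(\S+)(.*)")

# Constructed sample input (not from a real device); RFC 5737 documentation addresses.
SAMPLE = """\
username alice password Examp1e-pass! role sysadmin
username ops1 password viewonly9x role netoperator
username tmp password short1 role netadmin
radius-server host 192.0.2.10 key Site-Key-7f3a
radius-server host 192.0.2.11
radius-server host 192.0.2.12 auth-port 1645
"""

def audit(text):
    """Return (findings, radius_hosts_in_connection_order) for the given command lines."""
    findings, servers = [], {}  # dict insertion order mirrors the configured order
    for line in map(str.strip, text.splitlines()):
        if m := USER_RE.fullmatch(line):
            name, password, role = m.groups()
            if role not in ROLES:
                findings.append(f"user {name}: unknown role {role!r}")
            elif role == "sysadmin":
                findings.append(f"user {name}: sysadmin role, confirm full access is needed")
            if not 9 <= len(password) <= 32:
                findings.append(f"user {name}: password length outside 9-32 characters")
        elif m := RADIUS_RE.fullmatch(line):
            host, rest = m.group(1), m.group(2).split()
            # Assumption: options re-entered for the same host on later lines accumulate.
            srv = servers.setdefault(host, {"auth-port": DEFAULT_PORT, "key": DEFAULT_KEY})
            for opt, val in zip(rest[::2], rest[1::2]):
                if opt in srv:
                    srv[opt] = int(val) if opt == "auth-port" else val
    for host, srv in servers.items():
        if srv["key"] == DEFAULT_KEY:
            findings.append(f"radius {host}: default key in use, set a site-specific key")
    return findings, list(servers)

if __name__ == "__main__":
    issues, order = audit(SAMPLE)
    print("RADIUS connection order:", " -> ".join(order))
    for issue in issues:
        print("FINDING:", issue)
```

A server entry that only changes auth-port is still reported, because the key it uses remains the documented default.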