Overview of User Accounts
Managing Switch User Accounts
page 7-4
OmniSwitch 6800/6850/9000 Switch Management Guide
December 2007
Overview of User Accounts
A user account includes a login name, password, and user privileges. The account also includes privilege
or profile information, depending on the type of user account. There are two types of accounts: network
administrator accounts and end-user or customer login accounts.
Network administrator accounts are configured with user (sometimes called
functional
) privileges. These
privileges determine whether the user has read or write access to the switch and which command
domains
and command
families
the user is authorized to execute on the switch.
Customer login accounts are configured with end-user profiles rather than functional privileges. Profiles
are configured separately and then attached to the user account. A profile specifies command
areas
to
which a user has access as well as VLAN and/or port ranges to which the user has access.
The designation of particular command families/domains or command families for user access is some-
times referred to as
partitioned management
. The privileges and profiles are sometimes referred to as
authorization
.
Note.
End-user command areas are different from the command domains/families used for network
administrator accounts. In general, command areas are much more restricted groups of commands (see
page 7-20
).
Functional privileges (network administration) and end-user profiles (customer login) are mutually exclu-
sive. Both types of users may exist on the switch, but any given user account can only be one type,
network administrator or customer login. The CLI in the switch prevents you from configuring both privi-
leges and a profile for the same user.
End-user profiles also cannot be configured on an authentication server; however, users configured on an
external authentication server may have profile attributes, which the switch will attempt to match to
profiles configured locally.
Note that if user information is configured on an external server (rather than locally on the switch through
the CLI) with both functional privilege attributes
and
profile attributes, the user is seen by the switch as an
end-user and will attempt to match the profile name to a profile name configured on the switch. If there is
no match, the user will not be able to log into the switch.
Note.
For information about setting up user information on an authentication (AAA) server, see the
“Managing Authentication Servers” chapter of the
OmniSwitch 6800/6850/9000 Network Configuration
Guide
.
Users typically log into the switch through one of the following methods:
•
Console port
—A direct connection to the switch through the console port.
•
Telnet
—Any standard Telnet client may be used for logging into the switch.
•
FTP
—Any standard FTP client may be used for logging into the switch.
•
HTTP
—The switch has a Web browser management interface for users logging in via HTTP. This
management tool is called WebView.
Содержание OmniSwitch 6850 Series
Страница 12: ...Contents xii OmniSwitch 6800 6850 9000 Switch Management Guide December 2007...
Страница 20: ...page xx OmniSwitch 6800 6850 9000 Switch Management Guide December 2007...
Страница 230: ...WebView Help Using WebView page 9 20 OmniSwitch 6800 6850 9000 Switch Management Guide December 2007...
Страница 274: ...Verifying the SNMP Configuration Using SNMP page 10 44 OmniSwitch 6800 6850 9000 Switch Management Guide December 2007...
Страница 292: ...Index Index 6 OmniSwitch 6800 6850 9000 Switch Management Guide December 2007...