168
Using the CLI
• The user password is saved internally in encrypted format and never
appears in clear text anywhere on the CLI.
• The CLI supports and Radius authentication servers.
• The CLI allows the user to configure primary and secondary
authentication servers. If the primary authentication server fails to respond
within a configurable period, the CLI automatically tries the secondary
authentication server.
• The user can specify whether the CLI should revert to using local user
accounts when the remote authentication servers do not respond or if the
CLI simply fails the login attempt because the authentication servers are
down. This requirement applies only when the user is login through a
telnet or an SSH session.
• The CLI always allows the user to log in to a local serial port even if the
remote authentication server(s) are down. In this case, CLI reverts to using
the locally configured accounts to allow the user to log in.
User Access Control
In addition to authenticating a user, the CLI also assigns the user access to
one of two security levels. Level 1 has read-only access. This level allow the
user to read information but not configure the switch. The access to this level
cannot be modified. Level 15 is the special access level assigned to the
superuser of the switch. This level has full access to all functions within the
switch and can not be modified.
If the user account is created and maintained locally, each user is given an
access level at the time of account creation. If the user is authenticated
through remote authentication servers, the authentication server is
configured to pass the user access level to the CLI when the user is
authenticated. When Radius is used, the
Vendor-Specific Option
field
returns the access level for the user. Two vendor specific options are
supported. These are CISCO-AV-Pairs(Shell:priv-lvl=x) and Dell Radius VSA
(user-group=x). provides the appropriate level of access.
The following rules and specifications apply:
• The user determines whether remote authentication servers or locally
defined user authentication accounts are used.
Содержание PowerConnect 6224
Страница 54: ...54 Contents show ip https 1369 state 1370 ...
Страница 134: ...134 Command Groups ...
Страница 186: ...186 Using the CLI ...
Страница 216: ...216 ACL Commands ...
Страница 236: ...236 Address Table Commands ...
Страница 250: ...250 CDP Interoperability Commands ...
Страница 256: ...256 DHCP Layer 2 Relay Commands Example console config dhcp l2relay vlan 10 340 345 ...
Страница 284: ...284 Dynamic ARP Inspection Commands ...
Страница 318: ...318 Ethernet Configuration Commands ...
Страница 330: ...330 GVRP Commands ...
Страница 344: ...344 IGMP Snooping Commands ...
Страница 368: ...368 IP Addressing Commands ...
Страница 378: ...378 IPv6 Access List Commands ...
Страница 386: ...386 IPv6 MLD Snooping Querier Commands MLD Version Indicates the version of MLD ...
Страница 393: ...LACP Commands 393 Oper Key 29 Partner System Priority 0 MAC Address 000000 000000 Oper Key 14 ...
Страница 394: ...394 LACP Commands ...
Страница 404: ...404 Link Dependency Commands ...
Страница 432: ...432 LLDP Commands ...
Страница 446: ...446 Port Monitor Commands 1 Enable 1 g10 1 g8 Rx Tx ...
Страница 572: ...572 TACACS Commands ...
Страница 610: ...610 VLAN Commands ...
Страница 616: ...616 Voice VLAN Commands ...
Страница 618: ...618 802 1x Commands 802 1x Option 81 radius server attribute 4 ...
Страница 643: ...802 1x Commands 643 console show dot1x advanced ethernet 1 g2 Port Guest Unauthenticated VLAN Vlan 1 g2 10 20 ...
Страница 656: ...656 ARP Commands IP Address MAC Address Interface Type Age console ...
Страница 678: ...678 DHCPv6 Commands DHCPv6 Relay forward Packets Transmitted 0 Total DHCPv6 Packets Transmitted 0 ...
Страница 822: ...822 IPv6 Routing Commands ...
Страница 826: ...826 Loopback Interface Commands ...
Страница 828: ...828 Multicast Commands show ip pimsm rphash show ip pimsm rp mapping ...
Страница 854: ...854 Multicast Commands ...
Страница 930: ...930 OSPF Commands ...
Страница 933: ...OSPFv3 Commands 933 show ipv6 ospf virtual link show ipv6 ospf virtual link brief ...
Страница 1004: ...1004 PIM SM Commands ...
Страница 1014: ...1014 Router Discovery Protocol Commands ...
Страница 1036: ...1036 Tunnel Interface Commands console config interface tunnel 1 console config if tunnel1 tunnel source vlan 11 ...
Страница 1037: ...Virtual LAN Routing Commands 1037 50 Virtual LAN Routing Commands This chapter explains the following command show ip vlan ...
Страница 1054: ...1054 Autoconfig Commands boot host dhcp boot host retry count show boot ...
Страница 1058: ...1058 Autoconfig Commands ...
Страница 1094: ...1094 Captive Portal Commands ...
Страница 1110: ...1110 Clock Commands ...
Страница 1130: ...1130 Configuration and Image File Commands ...
Страница 1142: ...1142 Denial of Service Commands ...
Страница 1162: ...1162 Password Management Commands aging enabled aging value 30 days User lockout enabled User lockout attempts 3 ...
Страница 1178: ...1178 Power Over Ethernet Commands ...
Страница 1220: ...1220 Serviceability Tracing Packet Commands ...
Страница 1232: ...1232 Sflow Commands ...
Страница 1262: ...1262 SNMP Commands ...
Страница 1346: ...1346 System Management Commands 4 5 ...
Страница 1350: ...1350 Telnet Server Commands ...
Страница 1351: ...User Interface Commands 1351 70 User Interface Commands This chapter explains the following commands enable end exit quit ...
Страница 1372: ...1372 Web Server Commands ...