Chapter 1: Accessing the Switch
Switch User Accounts
The user accounts listed in Table 4 can be defined in the RADIUS server dictionary file.
Table 4: User Access Levels
User Account | Description and Tasks Performed | Password |
|
|
|
User | The User has no direct responsibility for switch management. | user |
| He or she can view all switch status information and statistics |
|
| but cannot make any configuration changes to the switch. |
|
|
|
|
Operator | The Operator manages all functions of the switch. The | oper |
| Operator can reset ports, except the management port. |
|
|
|
|
Administrator | The | admin |
| commands, information, and configuration commands on the |
|
| switch, including the ability to change both the user and |
|
| administrator passwords. |
|
|
|
|
RADIUS Attributes for EX2500 User Privileges
When the user logs in, the switch authenticates his or her level of access by sending the RADIUS access request, that is, the client authentication request, to the RADIUS authentication server.
If the remote user is successfully authenticated by the authentication server, the switch will verify the privileges of the remote user and authorize the appropriate access. The administrator has an option to allow secure backdoor access via Telnet, SSH, or the Web Device Manager. Secure backdoor provides switch access when the RADIUS servers cannot be reached. You always can access the switch via the console port, by using noradius and the administrator password, whether secure backdoor is enabled or not.
NOTE: To obtain the RADIUS backdoor password for your EX2500 switch, contact technical support.
All user privileges, other than those assigned to the Administrator, have to be defined in the RADIUS dictionary. RADIUS attribute 6, which is built into all RADIUS servers, defines the administrator. The filename of the dictionary is RADIUS
Table 5:
Username/Access | Value | |
|
|
|
User | 255 | |
|
|
|
Operator | 252 | |
|
|
|
Admin | 6 | |
|
|
|
Securing Access to the Switch 13