Allied Telesis 2.6.1

46 AT-8800 Series Switch User Guide

Software Release 2.6.1

C613-02039-00 REV A

In normal mode, a user with manager privilege can create and delete accounts

for users with any of these privilege levels. Users and passwords are managed

by the User Authentication Facility. Users and passwords are authenticated

using an internal database called the User Authentication Database, or by

interrogation of external RADIUS (Remote Authentication Dial In User Service) or

TACACS (Terminal Access Controller Access System) servers.

On the CLI, to use an account with manager privilege, log in to the account by

entering the command:

The switch prompts you to enter a user name and password. To return to USER

mode, enter the command:

LOGOFF

Make sure that you do not leave a manager session unattended. Unauthorised

use of a manager session gives access to the User Authentication Database. To

reduce the risk of unauthorised activity, a subset of manager commands have a

security timer. These commands are shown in Table 4 on page 46. When you

enter one of these commands from a manager session, the security timer is

started and is then restarted each time you enter another of these commands. If

you enter one of these commands after the timer has expired, you are

prompted to re-enter the password. The secure delay timer is by default 60

seconds. If the password is not entered correctly the password prompt is

repeated a set number of times. If the correct password is still not entered a log

message is generated and the session is logged off.

The security timer enables a manager to make successive additions and

modifications to the database at one time without having to re-enter the

password for every command.

The security timer does not provide a foolproof security mechanism. Managers

should always attempt to log out of a manager session before leaving a

terminal unattended.

If the switch is operating in security mode, the manager must also log in to a user

account with SECURITY OFFICER privilege in order to execute any of the commands

listed in Table4 on page 46.

Table 4: Secure commands controlled by the security timer.

Command Description

ADD TACACS SERVER Adds a TACACS server to the list of TACACS servers used

for user authentication.

ADD USER Adds a user to the User Authentication Database.

DELETE TACACS SERVER Deletes a TACACS server from the list of TACACS servers

used for user authentication.

DELETE USER Deletes a user from the User Authentication Database.

PURGE USER Deletes all users except MANAGER from the User

Authentication Database.

SET MANAGER PORT Assigns a port semipermanent MANAGER privilege.

SET USER Modifies a user record in the User Authentication Database.