Using the CLI 171
CLI prevents the user from accidentally copying a configuration image onto a
software image and vice versa.
Management Interface Security
This section describes the minimum set of management interface security
measures implemented by the CLI. Management interface security consists
of user account management, user access control and remote network/host
access controls.
CLI through Telnet, SSH, Serial Interfaces
The CLI is accessible through a local serial interface, a remote telnet, or
secure shell sessions. Since the serial interface requires a physical connection
for access, it is used if all else fails. The serial interface is the only interface
from which the user may access the Easy Setup Wizard. It is the only
interface that the user can access if the remote authentication servers are
down and the user has not configured the system to revert to local managed
accounts.
The following rules and specifications apply to these interfaces:
• The CLI is accessible from remote telnet through the management IP
address for the switch.
• The CLI is accessible from a secure shell interface.
• The CLI generates keys for SSH locally.
• The serial session defaults to 9600 baud rate, eight data bits, non-parity
and one stop bit.
User Accounts Management
The CLI provides authentication for users either through remote
authentication servers supporting TACACS+ or Radius or through a set of
locally managed user accounts. The setup wizard asks the user to create the
initial administrator account and password at the time the system is booted.
The following rules and specifications apply:
• The user may create as many a five local user accounts.
• User accounts have an access level, a user name, and a user password.
• The user is able to delete the user accounts but the user will not be able to
delete the last level 15 account.