9-4
Using Passwords and TACACS+ To Protect Against Una uthorized Access
Configuring Username and Password Security
Using Passwords and
TACACS+
Note Usernames are optional. Also, in the menu interface and CLI, you can config-
ure passwords, but not usernames. To configure usernames, use the web
browser interface.
To configure password security:
1. Set a Manager password pair (and an Operator password pair, if applicable
for your system).
2. Exit from the current console session. A Manager password pair will now
be needed for full access to the console.
If you do steps 1 and 2, above, then the next time a console session is started
for either the menu interface or the CLI, a prompt appears for a password.
Assuming you have protected both the Manager and Operator levels, the level
of access to the console interface will be determined by which password is
entered in response to the prompt.
If you set a Manager password, you may also want to configure the
Inactivity Time parameter (see page 6-4). This causes the console session to
end after the specified period of inactivity, thus giving you added security
against unauthorized console access.
Note The manager and operator passwords and (optional) user-names control
access to the menu interface, CLI, and web browser interface.
If you configure only a Manager password (with no Operator password), and
the Manager password is not entered correctly when the console se ssion
begins, the switch denies access to th e console
Level Actions Permitted
Manager: Access to all console interface areas.
This is the default level. That is, if a Manager password has not been set prior
to starting the current console session, then anyon e having access to the
console can access any area of the console interfac e.
Operator: Access to the Status and Counters menu, the Even t Log, and the CLI*, but no
Configuration capabilities.
On the Operator level, the configuration menus, Download OS, and Reboot
Switch options in the Main Menu are not available.
*Allows use of the ping, link-test, show, menu, exi t, and logout commands, plus the enable
command if you can provide the Manager password.