User Authentication
3-31
3
Command Attributes
•User Name* – The name of the user.
(Maximum length: 8 characters)
•Access Level* – Specifies the user level.
(Options: Normal and Privileged)
•Password – Specifies the user password.
(Range: 0-8 characters plain text, case sensitive)
* CLI only.
Web – Click Security, Passwords. To change the password for the current user,
enter the old password, the new password, confirm it by entering it again, then click
Apply.
CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the
password.
Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on
specified user names and passwords. You can manually configure access rights on
the switch, or you can use a remote access authentication server based on RADIUS
or TACACS+ protocols.
Remote Authentication Dial-in
User Service (RADIUS) and
Terminal Access Controller
Access Control System Plus
(TACACS+) are logon
authentication protocols that
use software running on a
central server to control
access to RADIUS-aware or
TACACS-aware devices on
the network. An authentication
server contains a database of multiple user name/password pairs with associated
privilege levels for each user that requires management access to the switch.
Console(config)#username bob access-level 15 4-26
Console(config)#username bob password 0 smith
Console(config)#
Web
Telnet
RADIUS/
TACACS+
server
console
1.Client attempts management access.
2.Switch contacts authentication server.
3.Authentication server challenges client.
4.Client responds with proper password or key.
5.Authentication server approves access.
6.Switch grants management access.