Feature |
Product |
Release introduced |
---|---|---|
Enhanced Secure mode |
5320 Series |
Fabric Engine 8.6 |
5420 Series |
VOSS 8.4 |
|
5520 Series |
VOSS 8.2.5 |
|
5720 Series |
Fabric Engine 8.7 |
|
7520 Series |
Fabric Engine 8.10 |
|
7720 Series |
Fabric Engine 8.10 |
|
VSP 4900 Series |
VOSS 8.1 |
|
VSP 7400 Series |
VOSS 8.0 |
|
Enhanced Secure mode for JITC and non-JITC sub-modes. |
5320 Series |
Fabric Engine 8.6 |
5420 Series |
VOSS 8.4 |
|
5520 Series |
VOSS 8.2.5 |
|
5720 Series |
Fabric Engine 8.7 |
|
7520 Series |
Fabric Engine 8.10 |
|
7720 Series |
Fabric Engine 8.10 |
|
VSP 4900 Series |
VOSS 8.1 |
|
VSP 7400 Series |
VOSS 8.0 |
|
Enhanced Secure mode - sensitive file protection |
5320 Series |
Fabric Engine 8.6 |
5420 Series |
VOSS 8.5 |
|
5520 Series |
VOSS 8.5 |
|
5720 Series |
Fabric Engine 8.7 |
|
7520 Series |
Fabric Engine 8.10 |
|
7720 Series |
Fabric Engine 8.10 |
|
VSP 4900 Series |
VOSS 8.5 |
|
VSP 7400 Series |
VOSS 8.5 |
After you enable enhanced secure mode with the boot config flags enhancedsecure-mode command, the switch supports role-based authentication levels. With enhanced secure mode enabled, the switch supports the following authentication access levels for local authentication, Remote Authentication Dial-In User Service (RADIUS), and Terminal Access Controller Access Control System Plus (TACACS+) authentication:
Administrator
Privilege
Operator
Auditor
Security
Each username is associated with a certain role in the product and appropriate authorization rights for viewing and executing commands are available for that role.
With enhanced secure mode enabled, the person in the role-based authentication level of administrator configures the login and password values for the other role-based authentication levels. The administrator access level cannot be disabled on VOSS switches.
The administrator initially logs on to the switch using the default login of admin and the default password of admin. After the initial login, the switch prompts the administrator to create a new password.
Login: admin Password: ***** This is an initial attempt using the default user name and password. Please change the user name and password to continue. Enter the new name : rwa Enter the New password : **************** Re-enter the New password : **************** Password changed successfully Last Successful Login:Wed Oct 14 12:20:42 2015 Unsuccessful Login attempts from last login is: 0
The administrator then configures default logins and passwords for the other users based on the role-based authentication levels of the user.
Access level |
Description |
Login location |
---|---|---|
Administrator |
The administrator access level permits all read-write access, and can change security settings. The administrator access level can configure CLI and web-based management user names, passwords, and the SNMP community strings. The administrator access level can also view audit logs. |
SSH/Telnet (in band/mgmt)/console |
Privilege |
The privilege access level has the same access permission as the administrator; however, the privilege access level cannot use RADIUS or TACACS+ authentication. |
SSH/Telnet(in band/mgmt)/console/ |
Operator |
The operator access level can view most switch configurations and status information. The operator access level can change physical port settings at layer 2 and layer 3. The operator access level cannot access audit logs or security settings. |
SSH/Telnet(in band/mgmt)/console/ |
Auditor |
The auditor access level can view configuration information, status information, and audit logs. |
SSH/Telnet(in band/mgmt)/console/ |
Security |
The security access level can change security settings only. The security access level also has permission to view configuration and status information. |
SSH/Telnet(in band/mgmt)/console/ |