Configuring CLI Access using EDM

Use the following procedures to perform CLI access configuration tasks such as:

  • Enable access levels

  • Change passwords

  • Configure the logon banner

Enable Access Levels

About this task

Enable access levels to control the configuration actions of various users.

Important

Important

Only the RWA user can disable an access level on the switch. You cannot disable the RWA access level on the switch.

The system preserves these configurations across restarts.

Procedure

  1. In the navigation pane, expand Configuration > Security > Control Path.
  2. Click General.
  3. Click the CLI tab.
  4. Select the enable check box for the required access level.
  5. Click Apply.

Change Passwords

About this task

Configure new passwords for each access level, or change the logon or password for the different access levels of the system to prevent unauthorized access. After you receive the switch, use default passwords to initially access CLI. If you use Simple Network Management Protocol version 3 (SNMPv3), you can change passwords in encrypted format.

Procedure

  1. In the navigation pane, expandConfiguration > Security > Control Path.
  2. Click General.
  3. Click the CLI tab.
  4. Specify the username and password for the appropriate access level.
  5. Click Apply.

Configure the Logon Banner

About this task

Configure the logon banner using EDM to display a warning message to users on the CLI before authentication.

Procedure

  1. In the navigation pane, expand Configuration > Security > Control Path.
  2. Click General.
  3. Click the CLI tab.
  4. Enter the banner text in the CustomBannerText field.
  5. Check the CustomBannerEnable check box.
  6. Click Apply.

CLI Field Descriptions

The following table defines parameters for the CLI tab.

Name

Description

RWAUserName

Specifies the user name for the read-write-all CLI account.

RWAPassword

Specifies the password for the read-write-all CLI account.

RWEnable

Activates the read-write access. The default is enabled.

RWUserName

Specifies the user name for the read-write CLI account.

RWPassword

Specifies the password for the read-write CLI account.

RWL3Enable

Activates the read-write Layer 3 access. The default is enabled.

RWL3UserName

Specifies the user name for the Layer 3 read-write CLI account.

RWL3Password

Specifies the password for the Layer 3 read-write CLI account.

RWL2Enable

Activates the read-write Layer 2 access. The default is enabled.

RWL2UserName

Specifies the user name for the Layer 2 read-write CLI account.

RWL2Password

Specifies the password for the Layer 2 read-write CLI account.

RWL1Enable

Activates the read-write Layer 1 access. The default is enabled.

RWL1UserName

Specifies the user name for the Layer 1 read-write CLI account.

RWL1Password

Specifies the password for the Layer 1 read-write CLI account.

ROEnable

Activates the read-only CLI account. The default is enabled.

ROUserName

Specifies the user name for the read-only CLI account.

ROPassword

Specifies the password for the read-only CLI account.

MaxTelnetSessions

Specifies the maximum number of concurrent Telnet sessions in a range from 0–8. The default is 8.

Timeout

Specifies the number of seconds of inactivity for a Telnet before the system initiates automatic timeout and disconnect, expressed in a range from 30–65535. The default is 900 seconds.

NumAccessViolations

Indicates the number of CLI access violations detected by the system. This variable is a read-only field.

CustomBannerText

Note:

Exception: not supported on VSP 8600 Series.

Specifies the text message that is displayed to users on the CLI before authentication. The message can be company information, such as company name and contact, or a warning message for the users of CLI.

With character limitation from 1-1800, the text box displays 79 characters per line.

CustomBannerEnable

Note:

Exception: not supported on VSP 8600 Series.

Specifies whether custom logon banner is enabled or disabled. The default is enabled.