Enhanced Secure Mode

Authentication Levels

After you enable enhanced secure mode with the boot config flags enhancedsecure-mode command, the switch supports role-based authentication levels. With enhanced secure mode enabled, the switch supports the following authentication access levels for local authentication, Remote Authentication Dial-In User Service (RADIUS), and Terminal Access Controller Access Control System Plus (TACACS+) authentication:

• Administrator

• Privilege

• Operator

• Auditor

• Security

Each username is associated with a certain role in the product and appropriate authorization rights for viewing and executing commands are available for that role.

With enhanced secure mode enabled, the person in the role-based authentication level of administrator configures the login and password values for the other role-based authentication levels. The administrator access level cannot be disabled on VOSS switches.

The administrator initially logs on to the switch using the default login of admin and the default password of admin. After the initial login, the switch prompts the administrator to create a new password.

The following displays an example of the initial login to the switch by the administrator after enhanced secure mode is enabled.

Login: admin
Password: *****
        This is an initial attempt using the default user name and password.
        Please change the user name and password to continue.
Enter the new name : rwa
Enter the New password : ****************
Re-enter the New password : ****************
Password changed successfully
        Last Successful Login:Wed Oct 14 12:20:42 2015
         Unsuccessful Login attempts from last login is: 0

The administrator then configures default logins and passwords for the other users based on the role-based authentication levels of the user.

Access Level and Login Details