The switch ships with default passwords configured for access to CLI through a console or Telnet session. If you possess read-write-all access authority, and you use SNMPv3, then you can change passwords in encrypted format. If you use Enterprise Device Manager (EDM), then you can also specify the number of allowed Telnet sessions and Remote login (rlogin) sessions.
Note
Rlogin is only supported on VSP 8600 Series.
Important
Be aware that the default passwords and community strings are documented and well known. Change the default passwords and community strings immediately after the first logon.
For security, if you fail to log on correctly in three consecutive instances, then the device locks for 60 seconds.
The switch stores passwords in encrypted format and not in the configuration file.
As a network administrator, you can configure the RADIUS server for user authentication to override user access to commands. You must still provide access based on the existing access levels in the switch, but you can customize user access by allowing and denying specific commands.
You must configure the following three returnable attributes for each user:
Access priority (single instance)–the access levels currently available on the switch (ro, l1, l2, l3, rw, rwa)
Command access (single instance)–indicates whether the user has access to the commands on the RADIUS server
CLI commands (multiple instances)–the list of commands that the user can or cannot use