Device Access

Once an IP address is assigned to the Extreme Networks device‘s management port, you can access the CLI through a network connection using SSH on its 10BaseT/100BaseTX Ethernet (management) port. This is in addition to the console port connection over the device's serial port.

You can initiate a SSH connection by specifying the management port‘s IP address.

The commands in the CLI are organized into the following levels:

• User EXEC - Lets you display information and perform basic tasks such as pings and traceroutes.
• Privileged EXEC - Lets you use the same commands as those at the User EXEC level plus configuration commands that do not require saving the changes to the system-config file.
• CONFIG - Lets you make configuration changes to the device. To save the changes across software reloads and system resets, you need to save them to the system-config file. The CONFIG level contains sub-levels for individual ports, for VLANs, for routing protocols, and other configuration areas.

Note

By default, any user who can open with command line interface (CLI) connection to an Extreme Network device can access all these CLI levels. To secure access, you can configure Enable passwords or local user accounts, or you can configure the device to use a RADIUS or TACACS+ server for authentication.

To access the device using SSH from a remote client:

remote-device-prompt# ssh <IP-address-of-device>

The appropriate user credentials must be provided to gain access to the device. The connection can be terminated by giving the ‘exit‘ command from the shell.

The configured max-retry value is optional and must be set between 1 and 5 per the security target. If the administrator provides the incorrect credentials after the specified number of retries, the account will lock up based on the login-attempts configured. For example, if the login-attempt is configured as 2, then account lock-up will happen at 3 incorrect attempts. There is no maximum lockout duration.

device(config)#username abcd…. ?
  access-time                   access permission based on time of the day
  enable                        Enable the user for login access after disabled
  expires                       Password expire time in days (1-365)
  login-attempts                Set number of login attempts
  nopassword                    No password is required for the user to log in
  password                      Specify the password for the user
  privilege                     Set user privilege level

device(config)#username abcd login-attempts ?
  DECIMAL   Range <1 to 5>

Locked user can access through the console and respective locked account will be unlocked on successful logging. All other locked accounts remain locked. All locked accounts will be unlocked when the device is reloaded. A locked account can be unlocked by using the command:

device# username <user> enable

Console(local) and remote network connections can be terminated by issuing “exit” from the command prompt until the prompt requesting user authentication is shown.