Filter
Top Products
Managing Switch User Accounts Overview of User Accounts
OmniSwitch 6600 Family Switch Management Guide March 2005 page 7-3
Overview of User Accounts
A user account includes a login name, password, and user privileges. The account also includes privilege
or profile information, depending on the type of user account. There are two types of accounts: network
administrator accounts, and end-user or customer login accounts.
Network administrator accounts are configured with user (sometimes called functional) privileges. These
privileges determine whether the user has read or write access to the switch and which command domains
and command families the user is authorized to execute on the switch.
Customer login accounts are configured with end-user profiles rather than functional privileges. Profiles
are configured separately and then attached to the user account. A profile specifies command areas to
which a user has access as well as VLAN and/or port ranges to which the user has access.
The designation of particular command families/domains or command families for user access is some-
times referred to as partitioned management. The privileges and profiles are sometimes referred to as
authorization.
Note. End-user command areas are different from the command domains/families used for network
administrator accounts. In general, command areas are much more restricted groups of commands (see
page 7-14).
Functional privileges (network administration) and end-user profiles (customer login) are mutually exclu-
sive. Both types of users may exist on the switch, but any given user account can only be one type,
network administrator or customer login. The CLI in the switch prevents you from configuring both privi-
leges and a profile for the same user.
End-user profiles also cannot be configured on an authentication server; however, users configured on an
external authentication server may have profile attributes, which the switch will attempt to match to
profiles configured locally.
Note that if user information is configured on an external server (rather than locally on the switch through
the CLI) with both functional privilege attributes and profile attributes, the user is seen by the switch as an
end-user and will attempt to match the profile name to a profile name configured on the switch. If there is
no match, the user will not be able to log into the switch.
Note. For information about setting up user information on an authentication (AAA) server, see the
“Managing Authentication Servers” chapter of the OmniSwitch 6600 Family Network Configuration
Guide.
Users typically log into the switch through one of the following methods:
• Console port—A direct connection to the switch through the console port.
• Telnet—Any standard Telnet client may be used for logging into the switch.
• FTP—Any standard FTP client may be used for logging into the switch.
• HTTP—The switch has a Web browser management interface for users logging in via HTTP. This
management tool is called WebView.