Allied Telesis AT-9000/28POE Switch User Manual


Chapter 76: Local Manager Accounts
Overview
Each AT-9000 Series switch is pre-configured at the factory with one
default manager account. The factory-default values for the user name
and password are “manager” and “friend.” If you are the only administrator
of the switch, you may not need more than one manager account. But if
you plan for the switch to be managed by more than one administrator,
you may want to create additional accounts so that each administrator has
a separate account.
There are two ways to add more manager accounts. One method adds
local accounts. A local account is so called because it is the switch that
authenticates the user name and password when a manager logs in. The
default manager account is a local account. This chapter explains how to
create more local accounts.
The switch also supports remote manager accounts. These are accounts
that are authenticated by a RADIUS or TACACS+ server on your network.
For information, refer to Chapter 88, “RADIUS and TACACS+ Clients” on
page 1361.
Privilege Levels
Manager accounts have privilege levels that determine where in the
command mode structure managers can go and, consequently, which
commands they can access. The privilege levels are 1 and 15.
Manager accounts with a privilege level of 15 have access to the entire
command mode structure and, thus, to all of the commands. Managers
should be assigned accounts with this level if they need to configure the
parameter settings of the switch. The default manager account has this
privilege level.
Manager accounts with a privilege level of 1 are restricted to the User
Exec mode, in which many of the SHOW commands are stored. Accounts
with this level are appropriate for managers who only need to monitor the
switch.
Command Mode Restriction
Command mode restriction allows you to enhance the security of the
manager accounts by requiring that managers who have the privilege level
15 enter a special password to move from the User Exec mode to the
Privileged Exec mode. Managers who do not know the special password
are restricted to the User Exec mode, just as if their accounts had the
privilege level 1.
When command mode restriction is active on the switch, managers are
prompted for the special password when they enter the ENABLE
command to move from the User Exec mode to the Privileged Exec mode.
The prompt is shown in Figure 207.
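
An added example, not taken from the Allied Telesis manual: a Python audit that checks account lines from a switch configuration export against the rules in this chapter (factory-default credentials, privilege levels 1 and 15, command mode restriction). The `username ... privilege ... password ...` line shape, the sample accounts and the finding names are assumptions made for illustration.

```python
import re

# Assumed account-line shape (not shown on this page):
#   username <name> privilege <level> password <secret>
ACCOUNT_RE = re.compile(
    r"^\s*username\s+(\S+)\s+privilege\s+(\d+)\s+password\s+(\S+)\s*$", re.I)
FACTORY_USER, FACTORY_PASSWORD = "manager", "friend"  # defaults stated in the manual
VALID_LEVELS = {1, 15}                                # the only levels the manual defines

# Constructed sample, cleartext secrets for illustration only. A real export
# may store passwords in encrypted form, which the default-password check cannot match.
SAMPLE_CONFIG = """\
username manager privilege 15 password friend
username alice privilege 15 password Constructed-Pass-1
username noc privilege 15 password Constructed-Pass-2
username bob privilege 1 password Constructed-Pass-3
"""

def parse_accounts(config_text):
    """Return [(name, level, secret)] for every account line found."""
    found = (ACCOUNT_RE.match(line) for line in config_text.splitlines())
    return [(m.group(1), int(m.group(2)), m.group(3)) for m in found if m]

def audit_accounts(config_text, monitor_only=(), restriction_active=False):
    """Return a list of (account, finding) pairs for the account lines."""
    findings = []
    accounts = parse_accounts(config_text)
    for name, level, secret in accounts:
        if level not in VALID_LEVELS:
            findings.append((name, "invalid-privilege-level"))
        if name == FACTORY_USER and secret == FACTORY_PASSWORD:
            findings.append((name, "factory-default-credentials"))
        if name in monitor_only and level == 15:
            findings.append((name, "monitor-only-account-has-level-15"))
    level_15 = [name for name, level, _ in accounts if level == 15]
    if len(level_15) > 1 and not restriction_active:
        # Several full-access accounts and no second password on ENABLE.
        findings.append(("*", "level-15-accounts-without-command-mode-restriction"))
    return findings

if __name__ == "__main__":
    for account, finding in audit_accounts(SAMPLE_CONFIG, monitor_only={"noc"}):
        print(f"{account}: {finding}")
```

Pass `restriction_active=True` when command mode restriction is enabled on the switch, and list in `monitor_only` the managers who only need the SHOW commands.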