Filter
Top Products
AT-9000 Switch Command Line User’s Guide
1363
Remote Manager Accounts
The switch has one local manager account. The account is referred to as a
local account because the switch authenticates the user name and
password when a manager uses the account to log on. If the user name
and password are valid, the switch allows the individual to access its
management software. Otherwise, it cancels the login to prevent
unauthorized access.
There are two ways to add more manager accounts. One way is to create
additional local accounts. This is explained in Chapter 76, “Local Manager
Accounts” on page 1259 and Chapter 77, “Local Manager Account
Commands” on page 1271. There can be up to eight local manager
accounts.
The other way to add more accounts is with a RADIUS or TACACS+
authentication server on your network. With these features, the
authentication of the user names and passwords of the manager accounts
is performed by one or more authentication servers. The switch forwards
the information to the servers when managers log on. The following steps
illustrate the authentication process that occurs between the switch and an
authentication server when a manager logs on:
1. The switch uses its RADIUS or TACACS+ client to transmit the user
name and password to an authentication server on the network.
2. The server checks to see if the user name and password are valid.
3. If the combination is valid, the authentication server notifies the switch,
which completes the login process, allowing the manager access to its
management software.
4. If the user name and password are invalid, the authentication protocol
server notifies the switch, which cancels the login.
As explained in “Privilege Levels” on page 1260, local manager accounts
can have a privilege level of 1 or 15. Managers with a privilege level of 15
have access to all command modes. Managers with accounts that have a
privilege level of 1 are restricted to the User Exec mode when command
mode restriction is active on the switch, unless they know the special
password.
Privilege levels also apply to remote manager accounts. When you create
accounts on an authentication server, assign them a level of 1 or 15, just
like local accounts. If command mode restriction is active on the switch,
managers with a privilege level of 1 are limited to the User Exec mode,
while managers with a privilege level of 15 are given access to the entire
command mode structure. If command mode restriction is not active on