Filter
Top Products
Using the CLI 202
If the user account is created and maintained locally, each user is given an
access level at the time of account creation. If the user is authenticated
through remote authentication servers, the authentication server is
configured to pass the user access level to the CLI when the user is
authenticated. When Radius is used, the
Vendor-Specific Option
field
returns the access level for the user. Two vendor specific options are
supported. These are CISCO-AV-Pairs(Shell:priv-lvl=x) and Dell Radius VSA
(user-group=x). TACACS+ provides the appropriate level of access.
The following rules and specifications apply:
• The user determines whether remote authentication servers or locally
defined user authentication accounts are used.
• If authentication servers are used, the user can identify at least two remote
servers (the user may choose to configure only one server) and what
protocol to use with the server, TACACS+ or Radius. One of the servers is
primary and the other is the secondary server (the user is not required to
specify a secondary server). If the primary server fails to respond in a
configurable time period, the CLI automatically attempts to authenticate
the user with the secondary server.
• The user is able to specify what happens when both primary and secondary
servers fail to respond. In this case, the user is able to indicate that the CLI
should either use the local user accounts or reject all requests.
• Even if the user configures the CLI to fail login when the remote
authentication servers are down, the CLI allows the user to log in to the
serial interface authenticated by locally managed account data.
Syslogs
The CLI uses syslog support to send logging messages to a remote syslog
server. The user configures the switch to generate all logging messages to a
remote log server. If no remote log server exists, then the CLI maintains a
rolling log of at most the last 1000 critical system events.
The following rules and specifications apply:
• The CLI permits the user to configure a remote syslog server to which all
system logging messages are sent.
• Log messages are implementation-dependent but may contain debug
messages, security or fault events.
2CSPC4.X8100-SWUM102.book Page 202 Friday, March 15, 2013 8:56 AM