User Manual
Page 12
... Security Values 178 Controlling Management Access (Web 180 Access Profile 180 Authentication Profiles 184 Select Authentication 187 Password Management 188 Last Password Set Result 190 User Login Configuration 191 Local User Database 192 Line Password 194 Enable Password 194 TACACS+ Settings 195 RADIUS Global Configuration 197 RADIUS Server Configuration 198 RADIUS Accounting Server Configuration . . . . 200...
... Security Values 178 Controlling Management Access (Web 180 Access Profile 180 Authentication Profiles 184 Select Authentication 187 Password Management 188 Last Password Set Result 190 User Login Configuration 191 Local User Database 192 Line Password 194 Enable Password 194 TACACS+ Settings 195 RADIUS Global Configuration 197 RADIUS Server Configuration 198 RADIUS Accounting Server Configuration . . . . 200...
User Manual
Page 111
... Members SDM template Users Minimum password length IPv6 management mode SNTP client Global logging Switch auditing CLI command logging Web logging SNMP logging Console logging RAM logging Persistent (FLASH) logging Default None None None Enabled on Management VLAN (inband management... and IPv6 routing None 8 characters Enabled Disabled Enabled Disabled Disabled Disabled Disabled Enabled (Severity level: debug and above) Enabled (Severity level: debug and above) Disabled Default Settings 111 Disabled on out-of the software features on the PowerConnect 7000 Series switches. Table 6-1. 6...
... Members SDM template Users Minimum password length IPv6 management mode SNTP client Global logging Switch auditing CLI command logging Web logging SNMP logging Console logging RAM logging Persistent (FLASH) logging Default None None None Enabled on Management VLAN (inband management... and IPv6 routing None 8 characters Enabled Disabled Enabled Disabled Disabled Disabled Disabled Enabled (Severity level: debug and above) Enabled (Severity level: debug and above) Disabled Default Settings 111 Disabled on out-of the software features on the PowerConnect 7000 Series switches. Table 6-1. 6...
User Manual
Page 132
The administrator uses the OOB port to the management network. DHCP is enabled by default. console(config)#username admin password secret123 level 15 3 Configure the DNS servers, default domain name, and static host mapping. console(config)#ip name-server 10.27.... dhcp console(config-if)#exit 2 Configure the administrative user. The administrator configures a PowerConnect 7000 Series switch to obtain its IP address. If the DHCP client on the switch has been disabled, use the Dell Easy Setup Wizard to perform the initial switch configuration. The administrator also configures the ...
The administrator uses the OOB port to the management network. DHCP is enabled by default. console(config)#username admin password secret123 level 15 3 Configure the DNS servers, default domain name, and static host mapping. console(config)#ip name-server 10.27.... dhcp console(config-if)#exit 2 Configure the administrative user. The administrator configures a PowerConnect 7000 Series switch to obtain its IP address. If the DHCP client on the switch has been disabled, use the Dell Easy Setup Wizard to perform the initial switch configuration. The administrator also configures the ...
User Manual
Page 170
Line and Enable passwords Passwords to allow only authorized users to access the switch ...specify the port to use a remote TACACS+ server to use for the users associated with an associated password and security level. TACACS+ Configure the switch to validate switch management access for authentication, authorization, and... use . The supported security levels are allowed to the OOB port. Password management Includes settings such as minimum password length, features password aging, password reuse rules, password strength criteria, and number of users who are Read-Write (15), ...
Line and Enable passwords Passwords to allow only authorized users to access the switch ...specify the port to use a remote TACACS+ server to use for the users associated with an associated password and security level. TACACS+ Configure the switch to validate switch management access for authentication, authorization, and... use . The supported security levels are allowed to the OOB port. Password management Includes settings such as minimum password length, features password aging, password reuse rules, password strength criteria, and number of users who are Read-Write (15), ...
User Manual
Page 171
...Controlling Management Access 171 Selecting the authentication policy for management security include: • Require strong passwords • Disable factory-delivered default accounts • Enable password lockout • Configure user ACLs to protect administrative access to be applied system wide with...the Recommendations for authentication. • RADIUS--Sends the user's ID and password will be authenticated using the RADIUS server instead of the following: • ENABLE-Uses the enable password for authentication. • IAS-Uses the Internal Authentication Server database for...
...Controlling Management Access 171 Selecting the authentication policy for management security include: • Require strong passwords • Disable factory-delivered default accounts • Enable password lockout • Configure user ACLs to protect administrative access to be applied system wide with...the Recommendations for authentication. • RADIUS--Sends the user's ID and password will be authenticated using the RADIUS server instead of the following: • ENABLE-Uses the enable password for authentication. • IAS-Uses the Internal Authentication Server database for...
User Manual
Page 176
enable Auth-Type := Local, User-Password == "pass5678" Service-Type = Administrative-User The values for the Service-Type attribute are as follows: • NAS-Prompt-User indicates the user should be provided a command prompt on each PowerConnect 7000 Series switch supports multiple, named RADIUS servers. How Does the Switch Determine Which RADIUS Server to use...
enable Auth-Type := Local, User-Password == "pass5678" Service-Type = Administrative-User The values for the Service-Type attribute are as follows: • NAS-Prompt-User indicates the user should be provided a command prompt on each PowerConnect 7000 Series switch supports multiple, named RADIUS servers. How Does the Switch Determine Which RADIUS Server to use...
User Manual
Page 178
... on page 510. Port-based access control specifies whether devices that are connected to the network. Password aging, limiting the number consecutive passwords before reuse, and limiting the number of allowed consecutive login attempts are allowed access to the switch... Values Management Security Default Feature Management Access No access profiles are configured. Control List (ACL) Password management Password minimum length is enabled, and the minimum features password length is required. What Other Features Use Authentication? In addition to controlling access to the management...
... on page 510. Port-based access control specifies whether devices that are connected to the network. Password aging, limiting the number consecutive passwords before reuse, and limiting the number of allowed consecutive login attempts are allowed access to the switch... Values Management Security Default Feature Management Access No access profiles are configured. Control List (ACL) Password management Password minimum length is enabled, and the minimum features password length is required. What Other Features Use Authentication? In addition to controlling access to the management...
User Manual
Page 179
... renamed. TACACS+ No TACACS+ servers are defined. Table 9-2. RADIUS No RADIUS servers are defined. HTTP HTTP access to the switch is enabled. DoS DoS protection is 23. Local User Database No users are defined Line and Enable passwords No passwords are allowed, and the default port is disabled. Telnet New Telnet sessions are configured.
... renamed. TACACS+ No TACACS+ servers are defined. Table 9-2. RADIUS No RADIUS servers are defined. HTTP HTTP access to the switch is enabled. DoS DoS protection is 23. Local User Database No users are defined Line and Enable passwords No passwords are allowed, and the default port is disabled. Telnet New Telnet sessions are configured.
User Manual
Page 185
myList. If that attempt fails, the switch queries the local user database for these methods. For more information, see "Line Password" on page 194 or "Enable Password" on page 194. Figure 9-9. You can select myList as the login authentication for anyone who connects to an access method ...by using the System → Management Security → Select Authentication page. NOTE: To use the LINE or ENABLE method, you can ...
myList. If that attempt fails, the switch queries the local user database for these methods. For more information, see "Line Password" on page 194 or "Enable Password" on page 194. Figure 9-9. You can select myList as the login authentication for anyone who connects to an access method ...by using the System → Management Security → Select Authentication page. NOTE: To use the LINE or ENABLE method, you can ...
User Manual
Page 188
... are subject to the policies defined by RADIUS and TACACS+ are assigned security features, including: • Defining minimum password lengths (the minimum password length is 8 when password length-checking is enabled) • Password expiration • Preventing frequent password reuse • Locking out users out after failed login attempts (Local users only. Users authenticated by the RADIUS...
... are subject to the policies defined by RADIUS and TACACS+ are assigned security features, including: • Defining minimum password lengths (the minimum password length is 8 when password length-checking is enabled) • Password expiration • Preventing frequent password reuse • Locking out users out after failed login attempts (Local users only. Users authenticated by the RADIUS...
User Manual
Page 194
..., SSH, or Telnet. To display the Enable Password page, click System → Management Security → Enable Password in the navigation panel. To display the Line Password page, click System → Management Security → Line Password in the navigation panel. Enable Password 194 Controlling Management Access Line Password Use the Line Password page to define passwords that are used to normal and...
..., SSH, or Telnet. To display the Enable Password page, click System → Management Security → Enable Password in the navigation panel. To display the Line Password page, click System → Management Security → Line Password in the navigation panel. Enable Password 194 Controlling Management Access Line Password Use the Line Password page to define passwords that are used to normal and...
User Manual
Page 217
... required for the specified access method. The valid range is applied to the enable password (Range 8-64). Enforce a minimum number of days (1-365) a password can exist before it is 0-16. Command line {console|ssh |telnet} login authentication {default|list-name} enable authentication {default|list-name} show authentication methods Purpose Enter Line configuration mode for...
... required for the specified access method. The valid range is applied to the enable password (Range 8-64). Enforce a minimum number of days (1-365) a password can exist before it is 0-16. Command line {console|ssh |telnet} login authentication {default|list-name} enable authentication {default|list-name} show authentication methods Purpose Enter Line configuration mode for...
User Manual
Page 231
... ------Console Telnet SSH Login Method List defaultList myList myList Enable Method List enableList enableList enableList HTTPS HTTP DOT1X :local :local : Configuring Password Lockout To define the password lockout policy: 1 Configuring the password lockout for a user requires the following steps: Define the local user name and password 2 Select (or configure) an authentication policy for the access...
... ------Console Telnet SSH Login Method List defaultList myList myList Enable Method List enableList enableList enableList HTTPS HTTP DOT1X :local :local : Configuring Password Lockout To define the password lockout policy: 1 Configuring the password lockout for a user requires the following steps: Define the local user name and password 2 Select (or configure) an authentication policy for the access...
User Manual
Page 232
... switch: 1 Create a local user console#configure console(config)#username abc password password 2 Configure the lockout policy globally and specify that enables password lockout. console#show users accounts UserName Privilege abc 1 admin 15 Password Aging ------------ Failed attempts to log on to be locked out. console(config)#passwords lock-out 3 console(config)#exit 3 View information about the users...
... switch: 1 Create a local user console#configure console(config)#username abc password password 2 Configure the lockout policy globally and specify that enables password lockout. console#show users accounts UserName Privilege abc 1 admin 15 Password Aging ------------ Failed attempts to log on to be locked out. console(config)#passwords lock-out 3 console(config)#exit 3 View information about the users...
User Manual
Page 233
...Console Telnet SSH Login Method List defaultList networkList networkList Enable Method List enableList enableList enableList HTTPS HTTP DOT1X :local :local : 5 Configure the serial port for password lockout because it has been globally enabled, and Telnet and SSH use the networkList authentication method...the authentication profiles. The defaultList does not require authentication, but the networkList requires authentication by verifying the user name and password against an entry in the local database. By default, Console (serial) access uses the defaultList authentication. Telnet and...
...Console Telnet SSH Login Method List defaultList networkList networkList Enable Method List enableList enableList enableList HTTPS HTTP DOT1X :local :local : 5 Configure the serial port for password lockout because it has been globally enabled, and Telnet and SSH use the networkList authentication method...the authentication profiles. The defaultList does not require authentication, but the networkList requires authentication by verifying the user name and password against an entry in the local database. By default, Console (serial) access uses the defaultList authentication. Telnet and...
User Manual
Page 269
...password password7048 console(Mail-Server)#exit 3 Configure emergencies and alerts to be sent immediately, and all config Mail Servers Configuration: No of the sender (the switch). console(config)#logging email message-type urgent subject "LOG MESSAGES - console#show logging email config Email Alert Logging enabled Email Alert From Address pc7048_noreply@dell...25 Email Alert SecurityProtocol none Email Alert Username switch7048 Email Alert Password password7048 console#show mail-server all other messages to -addr administrator@dell.com 6 Specify the text that will appear in a single...
...password password7048 console(Mail-Server)#exit 3 Configure emergencies and alerts to be sent immediately, and all config Mail Servers Configuration: No of the sender (the switch). console(config)#logging email message-type urgent subject "LOG MESSAGES - console#show logging email config Email Alert Logging enabled Email Alert From Address pc7048_noreply@dell...25 Email Alert SecurityProtocol none Email Alert Username switch7048 Email Alert Password password7048 console#show mail-server all other messages to -addr administrator@dell.com 6 Specify the text that will appear in a single...
User Manual
Page 338
username groupname [remote engineid-string] • username - The engine ID is two hexadecimal digits. The HMAC-SHA-96 authentication level. • password - A password. (Range: 1 to "informs." (Range: 5-32 characters.) • auth-md5 - The HMAC-MD5-96 authentication level. Character string-length 32 hex... characters. • sha-key - Character string-length 48 characters. • priv-des - The user should be defined to enable the device to receive acknowledgements to 32 characters.) • auth-md5-key - Each byte in the hexadecimal character string is priv-des-...
username groupname [remote engineid-string] • username - The engine ID is two hexadecimal digits. The HMAC-SHA-96 authentication level. • password - A password. (Range: 1 to "informs." (Range: 5-32 characters.) • auth-md5 - The HMAC-MD5-96 authentication level. Character string-length 32 hex... characters. • sha-key - Character string-length 48 characters. • priv-des - The user should be defined to enable the device to receive acknowledgements to 32 characters.) • auth-md5-key - Each byte in the hexadecimal character string is priv-des-...
User Manual
Page 447
...Captive Portal that requires a username and password and another that only requires the username. The certificate is presented to require. Since the PowerConnect 7000 Series switches support up to provide encryption. Configuring a Captive Portal 447 Before enabling the Captive Portal feature, decide what type... number of authentication to the user at connection time. also writes a message to the Captive Portal can be customized. To enable the Captive Portal traps, see "Configuring SNMP Notifications (Traps and Informs)" on the page, including the field and button labels...
...Captive Portal that requires a username and password and another that only requires the username. The certificate is presented to require. Since the PowerConnect 7000 Series switches support up to provide encryption. Configuring a Captive Portal 447 Before enabling the Captive Portal feature, decide what type... number of authentication to the user at connection time. also writes a message to the Captive Portal can be customized. To enable the Captive Portal traps, see "Configuring SNMP Notifications (Traps and Informs)" on the page, including the field and button labels...
User Manual
Page 450
After you enable Captive Portal, no interfaces are associated with the Captive Portal Welcome screen shown in this mode because the client IP and MAC addresses are obtained ..., selects the Acceptance Use Policy check box, and clicks Connect to the switch through that duplicate Username entries can be defined in a database or enter a password to access the network because the default verification mode is disabled by default. If you associate an interface with the Captive Portal and globally...
After you enable Captive Portal, no interfaces are associated with the Captive Portal Welcome screen shown in this mode because the client IP and MAC addresses are obtained ..., selects the Acceptance Use Policy check box, and clicks Connect to the switch through that duplicate Username entries can be defined in a database or enter a password to access the network because the default verification mode is disabled by default. If you associate an interface with the Captive Portal and globally...
User Manual
Page 482
... when they attempt to connect to populate the local database. 8. Add the Conference users to the database on page 455. 7. console(config-CP)#enable 482 Configuring a Captive Portal NOTE: Captive Portal page customization is supported only through the Web interface. console(config-CP)#configuration 4 console(config-CP ...4)#group 3 console(config-CP 4)#interface gi1/0/34 ... console(config-CP 4)#interface gi1/0/40 console(config-CP 4)#exit 6. Add the User-Name, User-Password, Session-Timeout, and Dell-CaptivePortal-Groups attributes for each employee to the local database. Globally...
... when they attempt to connect to populate the local database. 8. Add the Conference users to the database on page 455. 7. console(config-CP)#enable 482 Configuring a Captive Portal NOTE: Captive Portal page customization is supported only through the Web interface. console(config-CP)#configuration 4 console(config-CP ...4)#group 3 console(config-CP 4)#interface gi1/0/34 ... console(config-CP 4)#interface gi1/0/40 console(config-CP 4)#exit 6. Add the User-Name, User-Password, Session-Timeout, and Dell-CaptivePortal-Groups attributes for each employee to the local database. Globally...