User Manual
Page 12
... Security Values 178 Controlling Management Access (Web 180 Access Profile 180 Authentication Profiles 184 Select Authentication 187 Password Management 188 Last Password Set Result 190 User Login Configuration 191 Local User Database 192 Line Password 194 Enable Password 194 TACACS+ Settings 195 RADIUS Global Configuration 197 RADIUS Server Configuration 198 RADIUS Accounting Server Configuration . . . . 200...
... Security Values 178 Controlling Management Access (Web 180 Access Profile 180 Authentication Profiles 184 Select Authentication 187 Password Management 188 Last Password Set Result 190 User Login Configuration 191 Local User Database 192 Line Password 194 Enable Password 194 TACACS+ Settings 195 RADIUS Global Configuration 197 RADIUS Server Configuration 198 RADIUS Accounting Server Configuration . . . . 200...
User Manual
Page 111
...on out-of the software features on the PowerConnect 7000 Series switches. Default Settings Feature IP address Subnet mask Default gateway DHCP client Management VLAN ID VLAN 1 Members SDM template Users Minimum password length IPv6 management mode SNTP client Global logging ...Persistent (FLASH) logging Default None None None Enabled on Management VLAN (inband management ports). 1 All switch ports Dual IPv4 and IPv6 routing None 8 characters Enabled Disabled Enabled Disabled Disabled Disabled Disabled Enabled (Severity level: debug and above) Enabled (Severity level: debug and above) Disabled...
...on out-of the software features on the PowerConnect 7000 Series switches. Default Settings Feature IP address Subnet mask Default gateway DHCP client Management VLAN ID VLAN 1 Members SDM template Users Minimum password length IPv6 management mode SNTP client Global logging ...Persistent (FLASH) logging Default None None None Enabled on Management VLAN (inband management ports). 1 All switch ports Dual IPv4 and IPv6 routing None 8 characters Enabled Disabled Enabled Disabled Disabled Disabled Disabled Enabled (Severity level: debug and above) Enabled (Severity level: debug and above) Disabled...
User Manual
Page 132
...the administrative user with read/write access. The administrator also configures the following commands to enable the DHCP client on the OOB port. console(config)#username admin password secret123 level 15 3 Configure the DNS servers, default domain name, and static host mapping...(config)#exit 132 Setting Basic Network Information The administrator configures a PowerConnect 7000 Series switch to obtain its IP address. Basic Network Information Configuration Example In this example, an administrator at a Dell office in California decides not to use the following information: ...
...the administrative user with read/write access. The administrator also configures the following commands to enable the DHCP client on the OOB port. console(config)#username admin password secret123 level 15 3 Configure the DNS servers, default domain name, and static host mapping...(config)#exit 132 Setting Basic Network Information The administrator configures a PowerConnect 7000 Series switch to obtain its IP address. Basic Network Information Configuration Example In this example, an administrator at a Dell office in California decides not to use the following information: ...
User Manual
Page 170
...or source IP address. Table 9-1. The supported security levels are allowed to enter Privileged Exec mode from functioning. Line and Enable passwords Passwords to allow only authorized users to access the switch through the CLI interface (console, Telnet, and SSH) and to access...access) from User Exec mode. Local User Database Maintains a list of login attempts allowed. Password management Includes settings such as minimum password length, features password aging, password reuse rules, password strength criteria, and number of users who are Read-Write (15), Read Only (1), and ...
...or source IP address. Table 9-1. The supported security levels are allowed to enter Privileged Exec mode from functioning. Line and Enable passwords Passwords to allow only authorized users to access the switch through the CLI interface (console, Telnet, and SSH) and to access...access) from User Exec mode. Local User Database Maintains a list of login attempts allowed. Password management Includes settings such as minimum password length, features password aging, password reuse rules, password strength criteria, and number of users who are Read-Write (15), Read Only (1), and ...
User Manual
Page 171
... In large deployments, many administrators prefer to use the same Authentication Profile for all access types, or select or create a variety of the following : • ENABLE-Uses the enable password for authentication. • IAS-Uses the Internal Authentication Server database for 801X portbased authentication. • LINE--Uses the Line...
... In large deployments, many administrators prefer to use the same Authentication Profile for all access types, or select or create a variety of the following : • ENABLE-Uses the enable password for authentication. • IAS-Uses the Internal Authentication Server database for 801X portbased authentication. • LINE--Uses the Line...
User Manual
Page 176
... can be executed. • Administrative-User indicates the user should consider an unavailable RADIUS server as the current server. enable Auth-Type := Local, User-Password == "pass5678" Service-Type = Administrative-User The values for the Service-Type attribute are as follows: • NAS...-Prompt-User indicates the user should be provided a command prompt on each PowerConnect 7000 Series switch supports multiple, named RADIUS servers. A...
... can be executed. • Administrative-User indicates the user should consider an unavailable RADIUS server as the current server. enable Auth-Type := Local, User-Password == "pass5678" Service-Type = Administrative-User The values for the Service-Type attribute are as follows: • NAS...-Prompt-User indicates the user should be provided a command prompt on each PowerConnect 7000 Series switch supports multiple, named RADIUS servers. A...
User Manual
Page 178
... information about IEEE 802.1X, see "Dynamic VLAN Creation" on page 505. Control List (ACL) Password management Password minimum length is enabled, and the minimum features password length is required. IEEE 802.1X can also use the IAS to the switch is through the console...Security" on page 510. Default Management Security Values By default, the only management access to authenticate users. Password aging, limiting the number consecutive passwords before reuse, and limiting the number of allowed consecutive login attempts are configured. Management Security Default Values ...
... information about IEEE 802.1X, see "Dynamic VLAN Creation" on page 505. Control List (ACL) Password management Password minimum length is enabled, and the minimum features password length is required. IEEE 802.1X can also use the IAS to the switch is through the console...Security" on page 510. Default Management Security Values By default, the only management access to authenticate users. Password aging, limiting the number consecutive passwords before reuse, and limiting the number of allowed consecutive login attempts are configured. Management Security Default Values ...
User Manual
Page 179
... 9-2. TACACS+ No TACACS+ servers are defined. HTTPS HTTPS access to the switch is disabled. Local User Database No users are defined Line and Enable passwords No passwords are verified against the information in the local user database. • enableList-Method is NONE, which means the user credentials are configured. HTTP HTTP access ...
... 9-2. TACACS+ No TACACS+ servers are defined. HTTPS HTTPS access to the switch is disabled. Local User Database No users are defined Line and Enable passwords No passwords are verified against the information in the local user database. • enableList-Method is NONE, which means the user credentials are configured. HTTP HTTP access ...
User Manual
Page 185
... the switch by using Telnet. Figure 9-9. For example, you must first define passwords for these methods. For more information, see "Line Password" on page 194 or "Enable Password" on page 194. Configure Authentication Profile 5 Click Apply. NOTE: To use the LINE or ENABLE method, you can apply the newly created authentication profile to authenticate the...
... the switch by using Telnet. Figure 9-9. For example, you must first define passwords for these methods. For more information, see "Line Password" on page 194 or "Enable Password" on page 194. Configure Authentication Profile 5 Click Apply. NOTE: To use the LINE or ENABLE method, you can apply the newly created authentication profile to authenticate the...
User Manual
Page 188
... RADIUS and TACACS+ are assigned security features, including: • Defining minimum password lengths (the minimum password length is 8 when password length-checking is enabled) • Password expiration • Preventing frequent password reuse • Locking out users out after failed login attempts (Local users only. Passwords for SSH, Telnet, HTTP, HTTPS, and SNMP access are subject to prohibit...
... RADIUS and TACACS+ are assigned security features, including: • Defining minimum password lengths (the minimum password length is 8 when password length-checking is enabled) • Password expiration • Preventing frequent password reuse • Locking out users out after failed login attempts (Local users only. Passwords for SSH, Telnet, HTTP, HTTPS, and SNMP access are subject to prohibit...
User Manual
Page 194
..., click System → Management Security → Line Password in the navigation panel. Figure 9-17. To display the Enable Password page, click System → Management Security → Enable Password in the navigation panel. Figure 9-18. Enable Password 194 Controlling Management Access Line Password Enable Password Use the Enable Password page to set a local password to control CLI access to access the CLI through the...
..., click System → Management Security → Line Password in the navigation panel. Figure 9-17. To display the Enable Password page, click System → Management Security → Enable Password in the navigation panel. Figure 9-18. Enable Password 194 Controlling Management Access Line Password Enable Password Use the Enable Password page to set a local password to control CLI access to access the CLI through the...
User Manual
Page 217
..., use the following commands to configure password security and to use for access to the enable password (Range 8-64). Specify the login authentication list to configure passwords for login and enable access. Specify the enable authentication list to use for the Line and Enable modes. Specify the number of previous passwords that a password should contain. The configured value also...
..., use the following commands to configure password security and to use for access to the enable password (Range 8-64). Specify the login authentication list to configure passwords for login and enable access. Specify the enable authentication list to use for the Line and Enable modes. Specify the number of previous passwords that a password should contain. The configured value also...
User Manual
Page 231
... ------Console Telnet SSH Login Method List defaultList myList myList Enable Method List enableList enableList enableList HTTPS HTTP DOT1X :local :local : Configuring Password Lockout To define the password lockout policy: 1 Configuring the password lockout for a user requires the following steps: Define the local user name and password 2 Select (or configure) an authentication policy for the access...
... ------Console Telnet SSH Login Method List defaultList myList myList Enable Method List enableList enableList enableList HTTPS HTTP DOT1X :local :local : Configuring Password Lockout To define the password lockout policy: 1 Configuring the password lockout for a user requires the following steps: Define the local user name and password 2 Select (or configure) an authentication policy for the access...
User Manual
Page 232
... 3 console(config)#exit 3 View information about the users in time; To configure the switch: 1 Create a local user console#configure console(config)#username abc password password 2 Configure the lockout policy globally and specify that enables password lockout. Password Expiry date Lockout -------False False 232 Controlling Management Access consecutive login failures separated by default, does not have...
... 3 console(config)#exit 3 View information about the users in time; To configure the switch: 1 Create a local user console#configure console(config)#username abc password password 2 Configure the lockout policy globally and specify that enables password lockout. Password Expiry date Lockout -------False False 232 Controlling Management Access consecutive login failures separated by default, does not have...
User Manual
Page 233
...requires authentication by verifying the user name and password against an entry in the local database. console#show authentication methods Login Authentication Method Lists defaultList : none networkList : local Enable Authentication Method Lists enableList : none Line ------Console... Telnet SSH Login Method List defaultList networkList networkList Enable Method List enableList enableList enableList HTTPS HTTP DOT1X :local :local : 5 Configure the serial port for password lockout because it has been globally enabled, and Telnet and SSH use the networkList authentication...
...requires authentication by verifying the user name and password against an entry in the local database. console#show authentication methods Login Authentication Method Lists defaultList : none networkList : local Enable Authentication Method Lists enableList : none Line ------Console... Telnet SSH Login Method List defaultList networkList networkList Enable Method List enableList enableList enableList HTTPS HTTP DOT1X :local :local : 5 Configure the serial port for password lockout because it has been globally enabled, and Telnet and SSH use the networkList authentication...
User Manual
Page 269
...type nonurgent subject "LOG MESSAGES" 7 Verify the configuration. console#show logging email config Email Alert Logging enabled Email Alert From Address pc7048_noreply@dell.com Monitoring and Logging System Information 269 console(config)#logging email error console(config)#logging email urgent emergency console...Alert Mail Server Port 25 Email Alert SecurityProtocol none Email Alert Username switch7048 Email Alert Password password7048 console#show mail-server all other messages to -addr administrator@dell.com 6 Specify the text that will appear in a single email every 120 minutes....
...type nonurgent subject "LOG MESSAGES" 7 Verify the configuration. console#show logging email config Email Alert Logging enabled Email Alert From Address pc7048_noreply@dell.com Monitoring and Logging System Information 269 console(config)#logging email error console(config)#logging email urgent emergency console...Alert Mail Server Port 25 Email Alert SecurityProtocol none Email Alert Username switch7048 Email Alert Password password7048 console#show mail-server all other messages to -addr administrator@dell.com 6 Specify the text that will appear in a single email every 120 minutes....
User Manual
Page 338
...a pregenerated MD5 or SHA key depending on the host that connects to "informs." (Range: 5-32 characters.) • auth-md5 - A password. (Range: 1 to which the user belongs. Enter a pregenerated SHA key. • md5-key - The CBC-DES Symmetric Encryption privacy level...ID is selected. The user should be defined to enable the device to receive acknowledgements to the agent. (Range: 1-30 characters.) [{auth-md5 password | auth-sha password | • groupname - The HMAC-SHA-96 authentication level. • password - username groupname [remote engineid-string] • ...
...a pregenerated MD5 or SHA key depending on the host that connects to "informs." (Range: 5-32 characters.) • auth-md5 - A password. (Range: 1 to which the user belongs. Enter a pregenerated SHA key. • md5-key - The CBC-DES Symmetric Encryption privacy level...ID is selected. The user should be defined to enable the device to receive acknowledgements to the agent. (Range: 1-30 characters.) [{auth-md5 password | auth-sha password | • groupname - The HMAC-SHA-96 authentication level. • password - username groupname [remote engineid-string] • ...
User Manual
Page 447
... Before enabling the Captive Portal feature, decide what type (or types) of users that must use encryption during the user verification process. Since the PowerConnect 7000 Series switches support up to the Captive Portal can configure one Captive Portal that requires a username and password and ...welcome screen, including the colors and logo. The local user database supports up to require. If you can also be customized. To enable the Captive Portal traps, see "Configuring SNMP Notifications (Traps and Informs)" on the page, including the field and button labels. ...
... Before enabling the Captive Portal feature, decide what type (or types) of users that must use encryption during the user verification process. Since the PowerConnect 7000 Series switches support up to the Captive Portal can configure one Captive Portal that requires a username and password and ...welcome screen, including the colors and logo. The local user database supports up to require. If you can also be customized. To enable the Captive Portal traps, see "Configuring SNMP Notifications (Traps and Informs)" on the page, including the field and button labels. ...
User Manual
Page 450
... in support of Proxy networks). 450 Configuring a Captive Portal Default Captive Portal Welcome Screen The user types a name in a database or enter a password to access the network because the default verification mode is disabled by default. By default, the user does not need to be configured to gain... network access. After you enable Captive Portal, no interfaces are obtained for the Captive Portal feature. If you associate an interface with the Captive Portal and globally...
... in support of Proxy networks). 450 Configuring a Captive Portal Default Captive Portal Welcome Screen The user types a name in a database or enter a password to access the network because the default verification mode is disabled by default. By default, the user does not need to be configured to gain... network access. After you enable Captive Portal, no interfaces are obtained for the Captive Portal feature. If you associate an interface with the Captive Portal and globally...
User Manual
Page 482
... pages, see "Customizing a Captive Portal" on the RADIUS server. 9. Add the User-Name, User-Password, Session-Timeout, and Dell-CaptivePortal-Groups attributes for each employee to the local database. Use the Web interface to customize the Captive Portal...name EaglesNest1 console(config-CP)#user 1 password Enter password (8 to 64 characters Re-enter password: ********* console(config-CP)#user 1 group 2 Continue entering username and password combinations to the network. Configure the Employee Captive Portal. console(config-CP)#enable 482 Configuring a Captive Portal console(config...
... pages, see "Customizing a Captive Portal" on the RADIUS server. 9. Add the User-Name, User-Password, Session-Timeout, and Dell-CaptivePortal-Groups attributes for each employee to the local database. Use the Web interface to customize the Captive Portal...name EaglesNest1 console(config-CP)#user 1 password Enter password (8 to 64 characters Re-enter password: ********* console(config-CP)#user 1 group 2 Continue entering username and password combinations to the network. Configure the Employee Captive Portal. console(config-CP)#enable 482 Configuring a Captive Portal console(config...