API Guide

ManualsBrandsDell ManualsAccess PlatformsEMC Networking MX9116n

1021

● priv-lvl privilege-level — Enter a privilege level, from 0 to 15. If you do not specify the

priv-lvl option, the system assigns privilege level 1 for the netoperator role and privilege level

15 for the sysadmin, secadmin, and netadmin roles.

Default

● User name and password entries are in clear text.

● There is no default user role.

● The default privilege levels are level 1 for netoperator, and level 15 for sysadmin, secadmin, and

netadmin.

Command Mode CONFIGURATION

Usage

Information

By default, the password must be at least nine alphanumeric characters. Only the following special

characters are supported:

! # % & ' ( ) ; < = > [ ] * + - . / : ^ _

Enter the password in clear text. It is converted to SHA-512 format in the running configuration. For

backward compatibility with OS10 releases 10.3.1E and earlier, passwords entered in MD-5, SHA-256, and

SHA-512 format are supported.

You cannot assign a privilege level higher than privilege level 1 to a user with the netoperator role and

higher than privilege level 2 for a sysadmin, secadmin, and netadmin roles.

To increase the required password strength, use the password-attributes command. The no

version of this command deletes the authentication for a user.

Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S).

Also supported in SmartFabric mode starting in release 10.5.0.1.

Example

OS10(config)# username user05 password newpwd404 role sysadmin priv-lvl

Supported

Releases

10.2.0E or later

AAA

Authentication, authorization, and accounting (AAA) services secure networks against unauthorized access. In addition to local

authentication, OS10 supports remote authentication dial-in user service (RADIUS) and terminal access controller access control

system (TACACS+) client/server authentication systems. For RADIUS and TACACS+, an OS10 switch acts as a client and sends

authentication requests to a server that contains all user authentication and network service access information.

A RADIUS or TACACS+ server provides: authentication of user credentials, authorization using role-based permissions, and

accounting services. You can configure the security protocol used for different login methods and users. RADIUS provides

limited authorization and accounting services compared to TACACS+. If you use a RADIUS or TACACS+ security server,

configure the required security parameters on the server by following the procedures in the server documentation.

AAA configuration

On the switch, AAA configuration consists of setting up access control and accounting services:

1. Configure the authentication methods used to allow access to the switch.

2. Configure the level of command authorization for authenticated users.

3. Configure security settings for user sessions.

4. Enable AAA accounting.

AAA authentication

An OS10 switch uses a list of authentication methods to define the types of authentication and the sequence in which they

apply. By default, OS10 uses only the local authentication method.

Security

1025