Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsNetworking S3100 Series

761

762

763

764

765

766

767

768

769

770

Obscuring Passwords and Keys

By default, the service password-encryption command stores encrypted passwords. For greater security, you can also use the

service obscure-passwords command to prevent a user from reading the passwords and keys, including RADIUS, TACACS+ keys,

router authentication strings, VRRP authentication by obscuring this information. Passwords and keys are stored encrypted in the

conguration le and by default are displayed in the encrypted form when the conguration is displayed. Enabling the service

obscure-passwords command displays asterisks instead of the encrypted passwords and keys. This command prevents a user from

reading these passwords and keys by obscuring this information with asterisks.

Password obscuring masks the password and keys for display only but does not change the contents of the le. The string of asterisks is

the same length as the encrypted string for that line of conguration. To verify that you have successfully obscured passwords and keys,

use the show running-config command or show startup-config command.

If you are using role-based access control (RBAC), only the system administrator and security administrator roles can enable the service

obscure-password command.

To enable the obscuring of passwords and keys, use the following command.

• Turn on the obscuring of passwords and keys in the conguration.

CONFIGURATION mode

service obscure-passwords

Example of Obscuring Password and Keys

DellEMC(config)# service obscure-passwords

AAA Authorization

Dell EMC Networking OS enables AAA new-model by default.

You can set authorization to be either local or remote. Dierent combinations of authentication and authorization yield dierent results.

By default, Dell EMC Networking OS sets both to

local.

Privilege Levels Overview

Limiting access to the system is one method of protecting the system and your network. However, at times, you might need to allow others

access to the router and you can limit that access to a subset of commands. In Dell EMC Networking OS, you can congure a privilege

level for users who need limited access to the system.

Every command in Dell EMC Networking OS is assigned a privilege level of 0, 1, or 15. You can congure up to 16 privilege levels in Dell EMC

Networking OS. Dell EMC Networking OS is pre-congured with three privilege levels and you can congure 13 more. The three pre-

congured levels are:

• Privilege level 1 — is the default level for EXEC mode. At this level, you can interact with the router, for example, view some show

commands and Telnet and ping to test connectivity, but you cannot congure the router. This level is often called the “user” level. One

of the commands available in Privilege level 1 is the enable command, which you can use to enter a specic privilege level.

• Privilege level 0 — contains only the end, enable, and disable commands.

• Privilege level 15 — the default level for the enable command, is the highest level. In this level you can access any command in Dell

EMC Networking OS.

Privilege levels 2 through 14 are not congured and you can customize them for dierent users and access.

770

Security