API Guide

Security
Dell EMC SmartFabric OS10 provides security features for both the switch and the network. The important security
features include:
Local and remote authentication to prevent unauthorized access to the switch
Authentication, authorization, and accounting services to secure networks against unauthorized access
Restrict ingress traffic on an interface using port security
Secure encrypted connection using SSH
Limit user access using privilege levels
Limit concurrent login sessions
User configuration
You can create user accounts to access the OS10 switches. Each user account is defined by a username, a password, and a role
that limits OS10 switch access.
Role-based access control
RBAC provides control for access and authorization. Users are granted permissions based on defined roles, not on their
individual system user ID. Create user roles based on job functions to help users perform their associated job functions. You can
assign each user only a single role, and many users can have the same role. A user role authenticates and authorizes a user at
login, and places the user in EXEC mode. For more information, see CLI basics.
OS10 supports four pre-defined roles: sysadmin, secadmin, netadmin, and netoperator. Each user role assigns
permissions that determine the commands a user can enter, and the actions a user can perform. RBAC provides an easy and
efficient way to administer user rights. If a user's role matches one of the allowed user roles for a command, command
authorization is granted.
The OS10 RBAC model provides separation of duty and greater security. It places limitations on each role's permissions to allow
you to partition tasks. For greater security, only some user roles can view events, audits, and security system logs.
Assign user role
To limit OS10 system access, assign a role when you configure each user.
Enter a user name, password, and role in CONFIGURATION mode.
username username password password role role
username username: Enter a text string. A maximum of 32 alphanumeric characters; 1 character minimum.
password password: Enter a text string. A maximum of 32 alphanumeric characters; 9 characters minimum.
role role: Enter a user role:
    sysadmin: Full access to all commands in the system, exclusive access to commands that manipulate the file
    system, and access to the system shell. A system administrator can create user IDs and user roles.
    secadmin: Full access to configuration commands that set security policy and system access, such as password
    strength, AAA authorization, and cryptographic keys. A security administrator can display security information, such
    as cryptographic keys, login statistics, and log information.
    netadmin: Full access to configuration commands that manage traffic flowing through the switch, such as routes,
    interfaces, and ACLs. A network administrator cannot access configuration commands for security features or view
    security information.
    netoperator: Access to EXEC mode to view the current configuration with limited access. A network operator
    cannot modify any configuration setting on a switch.
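The following is an added example, not part of the Dell EMC guide: a pre-deployment check that lints a planned account list against the limits stated above (name and password lengths, the four pre-defined roles, one role per user) and emits the username command only for entries that pass. The function name, the sample accounts, and the review note on sysadmin entries are assumptions made for illustration.

```python
# Added example (not Dell EMC code): lint planned OS10 accounts before
# they are entered in CONFIGURATION mode.
ROLES = {"sysadmin", "secadmin", "netadmin", "netoperator"}  # pre-defined roles

def lint_accounts(accounts):
    """accounts: list of (username, password, role) tuples.
    Returns (commands, findings); findings are (username, message) pairs."""
    commands, findings, seen = [], [], {}
    for user, password, role in accounts:
        problems = []
        # Username: 1 to 32 alphanumeric characters, as documented above.
        if not (1 <= len(user) <= 32 and user.isascii() and user.isalnum()):
            problems.append("username must be 1-32 alphanumeric characters")
        # Password: only the documented length bounds (9 to 32) are checked here.
        if not 9 <= len(password) <= 32:
            problems.append("password must be 9-32 characters")
        if role not in ROLES:
            problems.append(f"unknown role {role!r}")
        # Each user can be assigned only a single role.
        if user in seen and seen[user] != role:
            problems.append(f"already assigned role {seen[user]!r}; one role per user")
        seen.setdefault(user, role)
        if problems:
            findings.extend((user, p) for p in problems)
            continue
        commands.append(f"username {user} password {password} role {role}")
        if role == "sysadmin":
            # Assumed local policy: accounts with shell access get a second look.
            findings.append((user, "review: sysadmin includes system shell access"))
    return commands, findings

# Constructed sample plan; names and passwords are placeholders.
PLAN = [
    ("alice", "Corr3ctHorse9", "secadmin"),
    ("bob", "short", "netadmin"),
    ("carol", "An0therLongOne", "root"),
    ("alice", "Corr3ctHorse9", "netadmin"),
    ("dave", "Sh3llAccess42", "sysadmin"),
]

if __name__ == "__main__":
    cmds, notes = lint_accounts(PLAN)
    print("\n".join(cmds))
    for user, message in notes:
        print(f"[{user}] {message}")
```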