Connectivity Guide

OS10 supports four pre-dened roles: sysadmin, secadmin, netadmin, and netoperator. Each user role assigns permissions that determine
the commands a user can enter, and the actions a user can perform. RBAC provides an easy and ecient way to administer user rights. If a
user’s role matches one of the allowed user roles for a command, command authorization is granted.
The OS10 RBAC model provides separation of duty as well as greater security. It places some limitations on each role’s permissions to allow
you to partition tasks. For greater security, only some user roles can view events, audits, and security system logs.
Assign user role
To limit OS10 system access, assign a role when you configure each user.
Enter a user name, password, and role in CONFIGURATION mode.
username username password password role role
username username — Enter a text string. A maximum of 32 alphanumeric characters; 1 character minimum.
password password — Enter a text string. A maximum of 32 alphanumeric characters; 9 characters minimum.
role role — Enter a user role:
sysadmin — Full access to all commands in the system, exclusive access to commands that manipulate the file system, and
access to the system shell. A system administrator can create user IDs and user roles.
secadmin — Full access to configuration commands that set security policy and system access, such as password strength,
AAA authorization, and cryptographic keys. A security administrator can display security information, such as cryptographic
keys, login statistics, and log information.
netadmin — Full access to configuration commands that manage traffic flowing through the switch, such as routes,
interfaces, and ACLs. A network administrator cannot access configuration commands for security features or view security
information.
netoperator — Access to EXEC mode to view the current configuration. A network operator cannot modify any
configuration setting on a switch.
Create user and assign role
OS10(config)# username smith password silver403! role sysadmin
View users
OS10# show users
Index Line  User   Role     Application Idle Login-Time            Location
----- ----  ------ ------   ----------- ---- --------------------- -------------
1     ttyS  root   root     -bash       >24h 2018-05-23 T23:05:03Z console
2     pts/0 admin  sysadmin bash        1.1s 2018-05-30 T20:04:27Z 10.14.1.214[ssh]
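The role-matching rule and the username command limits described on this page, as an added example (not Dell code): a Python check that lints `username ... role ...` commands before they are applied and lists which users each role would authorize for a class of commands. The category names, the sample accounts other than smith, and the reading that secadmin has no access to traffic commands are assumptions of this example.

```python
import re

ROLES = {"sysadmin", "secadmin", "netadmin", "netoperator"}
# Allowed roles per command category, read from this page's role descriptions. Category
# names are made up for this example; secadmin traffic access is unstated, so denied.
ALLOWED = {
    "file-system-and-shell": {"sysadmin"},
    "security-config": {"sysadmin", "secadmin"},
    "bootloader-protection": {"sysadmin", "secadmin"},
    "traffic-config": {"sysadmin", "netadmin"},
    "view-config": ROLES,
}
USER_CMD = re.compile(r"^username (\S+) password (\S+) role (\S+)$")

def authorized(role, category):
    """Granted when the user's role is one of the category's allowed roles."""
    return role in ALLOWED[category]

def lint(line):
    """Return the problems found in one 'username ... role ...' command."""
    m = USER_CMD.match(line.strip())
    if not m:
        return ["not a username/password/role command"]
    name, password, role = m.groups()
    problems = []
    if not (name.isascii() and name.isalnum() and len(name) <= 32):
        problems.append("username must be 1-32 alphanumeric characters")
    if not 9 <= len(password) <= 32:  # length only: the page's example password has '!'
        problems.append("password must be 9-32 characters")
    if role not in ROLES:
        problems.append(f"unknown role {role!r}")
    return problems

def audit(lines):
    """Lint each command; map each category to the valid users authorized for it."""
    findings, holders = {}, {category: [] for category in ALLOWED}
    for line in lines:
        if problems := lint(line):
            findings[line] = problems
            continue
        name, _, role = USER_CMD.match(line.strip()).groups()
        for category in ALLOWED:
            if authorized(role, category):
                holders[category].append(name)
    return findings, holders
# Constructed sample input; only the first command appears on the page.
SAMPLE = ["username smith password silver403! role sysadmin",
          "username jones password Winter2018x role netoperator",
          "username lee password short1 role netadmin",
          "username kim password Autumn2018y role superuser"]
```

Running `audit(SAMPLE)` returns the rejected commands with their reasons and, per category, the accounts that would hold that access, which makes it easy to review how many users end up with sysadmin-level rights.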
Bootloader Protection
Protecting the bootloader via a GRUB password is essential to prevent unauthorised users with malicious intent from accessing your
switch. OS10 provides a set of three commands which allow you to enable, disable or view bootloader protection information.
This feature is available only for the sysadmin and secadmin roles.
WARNING: When you enable this feature, be sure to keep a copy of the configured username and password, as you cannot recover
the switch without the configured credentials.
To enable bootloader protection, use the boot protect enable username username password password command.
This command allows you to set up a username and password for bootloader protection. You can configure a maximum of three users
per console.
boot protect enable username password
OS10# boot protect enable username root password calvin
Security