Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4112F-ON/S4112T-ON

1321

○ interface — Accesses Ethernet, fibre-channel, loopback, management, null, port-group, lag, breakout, range,

port-channel, and VLAN modes.

○ route-map — Accesses route-map mode.

○ router — Accesses router-bgp and router-ospf modes.

○ line — Accesses line-vty mode.

● priv-lvl privilege-level — Enter the number of a privilege level, from 2 to 14.

● command-string — Enter the commands supported at the privilege level.

2. Create a user name, password, and role, and assign a privilege level in CONFIGURATION mode.

username username password password role role priv-lvl privilege-level

● username username — Enter a text string; 32 alphanumeric characters maximum; one character minimum.

● password password — Enter a text string; 32 alphanumeric characters maximum, nine characters minimum.

● role role — Enter a user role:

○ sysadmin — Full access to all commands in the system, exclusive access to commands that manipulate the file

system, and access to the system shell. A system administrator can create user IDs and user roles.

○ secadmin — Full access to configuration commands that set security policy and system access, such as password

strength, AAA authorization, and cryptographic keys. A security administrator can display security information, such

as cryptographic keys, login statistics, and log information.

○ netadmin — Full access to configuration commands that manage traffic flowing through the switch, such as routes,

interfaces, and ACLs. A network administrator cannot access configuration commands for security features or view

security information.

○ netoperator — Access to EXEC mode to view the current configuration with limited access. A network operator

cannot modify any configuration setting on a switch.

● priv-lvl privilege-level—Enter a privilege level, from 0 to 15. If you do not specify the priv-lvl option, the

system assigns privilege level 1 for the netoperator user and privilege level 15 for the sysadmin, secadmin, and

netadmin users.

The following is an example of configuring privilege levels and assigning them to a user:

OS10(config)# privilege exec priv-lvl 12 "show version"

OS10(config)# privilege exec priv-lvl 12 "configure terminal"

OS10(config)# privilege configure priv-lvl 12 "interface ethernet"

OS10(config)# privilege interface priv-lvl 12 "ip address"

OS10(config)# username delluser password $6$Yij02Phe2n6whp7b$ladskj0HowijIlkajg981 role

secadmin priv-lvl 12

The following example shows the privilege level of the current user:

OS10# show privilege

Current privilege level is 15.

The following example displays the privilege levels of all users who are logged into OS10:

OS10# show users

Index Line User Role Application Idle Login-Time Location Privilege

----- ------ ----- ----- ----------- ---- ----------- -------- ---------

1 pts/0 admin sysadmin bash >24h 2018-09-08 T06:51:37Z 10.14.1.91 [ssh] 15

2 pts/1 netad netadmin bash >24h 2018-09-08 T06:54:33Z 10.14.1.91 [ssh] 10

Configure enable password for a privilege level

After you configure privilege levels for users, assign commands to each level and an enable password to access each level:

1. Configure a privilege level and assign commands to it in CONFIGURATION mode.

privilege mode priv-lvl privilege-level command-string

● mode — Enter the privilege mode used to access CLI modes:

○ exec — Accesses EXEC mode.

○ configure — Accesses class-map, DHCP, logging, monitor, openflow, policy-map, QOS, support-assist, telemetry,

CoS, Tmap, UFD, VLT, VN, VRF, WRED, and alias modes.

1326

Security