Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4112F-ON/S4112T-ON

451

452

453

454

455

456

457

458

459

460

You can enable this feature so that user re-authentication is required when any of these actions are performed. In these cases, logged-in

users are logged out of the switch and all OS10 sessions are terminated. By default, user re-authentication is disabled.

Enable user re-authentication

• Enable user re-authentication in CONFIGURATION mode.

aaa re-authenticate enable

Enter the no form of the command to disable user re-authentication.

Password strength

By default, the password you congure with the username password command must be at least nine alphanumeric characters.

To increase password strength, you can create password rules using the password-attributes command. When you enter the

command, at least one parameter is required. When you enter the character-restriction parameter, at least one option is required.

• Create rules for stronger passwords in CONFIGURATION mode.

password-attributes {[min-length number] [character-restriction {[upper number]

[lower number][numeric number] [special-char number]}}

– min-length number — Enter the minimum number of required alphanumeric characters (6 to 32; default 9).

– character-restriction — Enter a requirement for the alphanumeric characters in a password:

◦ upper number — Minimum number of uppercase characters required (0 to 31; default 0).

◦ lower number — Minimum number of lowercase characters required (0 to 31; default 0).

◦ numeric number — Minimum number of numeric characters required (0 to 31; default 0).

◦ special-char number — Minimum number of special characters required (0 to 31; default 0).

Create password rules

OS10(config)# password-attributes min-length 7 character-restriction upper 4 numeric 2

Display password rules

OS10(config)# do show running-configuration password-attributes

password-attributes min-length 7 character-restriction upper 4 numeric 2

Role-based access control

RBAC provides control for access and authorization. Users are granted permissions based on dened roles — not on their individual system

user ID. Create user roles based on job functions to help users perform their associated job function. You can assign each user only a single

role, and many users can have the same role. When you enter a user role, you are authenticated and authorized. You do not need to enter

an enable password because you are automatically placed in EXEC mode.

OS10 supports the constrained RBAC model. With this model, you can inherit permissions when you create a new user role, restrict or add

commands a user can enter, and set the actions the user can perform. This allows greater exibility when assigning permissions for each

command to each role. Using RBAC is easier and more ecient to administer user rights. If a user’s role matches one of the allowed user

roles for that command, command authorization is granted.

A constrained RBAC model provides separation of duty as well as greater security. A constrained model places some limitations on each

role’s permissions to allow you to partition tasks. Some inheritance is possible. For greater security, only some user roles can view events,

audits, and security system logs.

458

System management