API Guide
Table Of Contents
- Dell EMC SmartFabric OS10 Security Best Practices Guide May 2021
- Contents
- OS10 security best practices
○ username username—Enter a text string; 32 alphanumeric characters maximum; one character minimum.
○ password password—Enter a text string; 32 alphanumeric characters maximum, nine characters minimum.
○ role role—Enter a user role:
■ sysadmin—Full access to all commands in the system, exclusive access to commands that manipulate the file
system, and access to the system shell. A system administrator can create user IDs and user roles.
■ secadmin—Full access to configuration commands that set security policy and system access, such as password
strength, AAA authorization, and cryptographic keys. A security administrator can display security information, such
as cryptographic keys, login statistics, and log information.
■ netadmin—Full access to configuration commands that manage traffic flowing through the switch, such as routes,
interfaces, and ACLs. A network administrator cannot access configuration commands for security features or view
security information.
■ netoperator—Access to EXEC mode to view the current configuration. A network operator cannot modify
configuration settings on a switch.
○ priv-lvl privilege-level—Enter a privilege level, from 0 to 15.
■ Level 0—Provides users the least privilege, restricting access to basic commands.
■ Level 1—Provides access to a set of show commands and certain operations such as ping, traceroute, and so on.
■ Level 15—Provides access to all available commands, equivalent to the commands permitted with the sysadmin
role.
■ Levels 0, 1, and 15—System configured privilege levels with a predefined command set.
■ Levels 2 to 14—Not configured. You can customize these levels for different users and access rights.
● Configure an enable password for each privilege level in CONFIGURATION mode. Use the enable password command to
switch between privilege levels and access the commands that are supported at each level.
OS10(config)# enable password encryption-type password-string priv-lvl privilege-level
OS10(config)# exit
OS10# write memory
○ encryption-type—Enter an encryption type for the password entry:
■ 0—Use plain text with no password encryption.
■ sha-256—Encrypt the password using the SHA-256 algorithm.
■ sha-512—Encrypt the password using the SHA-512 algorithm.
NOTE: Ensure that you use either sha-256 or sha512 encryption for your passwords.
○ priv-lvl privilege-level—Enter a privilege level, from 1 to 15.
NOTE: Use SHA-256 or SHA-512 for password encryption.
OS10(config)# privilege exec priv-lvl 12 "show version"
OS10(config)# privilege exec priv-lvl 12 "configure terminal"
OS10(config)# privilege configure priv-lvl 12 "interface ethernet"
OS10(config)# privilege interface priv-lvl 12 "ip address"
OS10(config)# username delluser password $6$Yij02Phe2n6whp7b$ladskj0HowijIlkajg981 role
secadmin priv-lvl 12
OS10(config)# enable password sha-256 $5$2uThib1o$84p.tykjmz/w7j26ymoKBjrb7uepkUB priv-
lvl 12
OS10(config)# exit
OS10# write memory
View users and their roles
The following shows the users that are configured on the local system, their roles, and the assigned privilege levels:
OS10# show running-configuration users
username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/
VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH. role sysadmin priv-lvl 15
OS10# show running-configuration userrole
OS10 security best practices
9