Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4128F-ON/S4128T-ON

511

512

513

514

515

516

517

518

519

520

aaa authentication login default local

aaa authentication login console local

User re-authentication

To prevent users from accessing resources and performing tasks for which they are not authorized, OS10 allows you to require users to re-

authenticate by logging in again when an authentication method or server changes, such as:

• Adding or removing a RADIUS server (radius-server host command)

• Adding or removing an authentication method (aaa authentication login {console | default} {local | group

radius | group tacacs+} command)

You can enable this feature so that user re-authentication is required when any of these actions are performed. In these cases, logged-in

users are logged out of the switch and all OS10 sessions are terminated. By default, user re-authentication is disabled.

Enable user re-authentication

• Enable user re-authentication in CONFIGURATION mode.

aaa re-authenticate enable

Enter the no form of the command to disable user re-authentication.

Password strength

By default, the password you congure with the username password command must be at least nine alphanumeric characters.

To increase password strength, you can create password rules using the password-attributes command. When you enter the

command, at least one parameter is required. When you enter the

character-restriction parameter, at least one option is required.

• Create rules for stronger passwords in CONFIGURATION mode.

password-attributes {[min-length number] [character-restriction {[upper number]

[lower number][numeric number] [special-char number]}}

– min-length number — Enter the minimum number of required alphanumeric characters (6 to 32; default 9).

– character-restriction — Enter a requirement for the alphanumeric characters in a password:

◦ upper number — Minimum number of uppercase characters required (0 to 31; default 0).

◦ lower number — Minimum number of lowercase characters required (0 to 31; default 0).

◦ numeric number — Minimum number of numeric characters required (0 to 31; default 0).

◦ special-char number — Minimum number of special characters required (0 to 31; default 0).

Create password rules

OS10(config)# password-attributes min-length 7 character-restriction upper 4 numeric 2

Display password rules

OS10(config)# do show running-configuration password-attributes

password-attributes min-length 7 character-restriction upper 4 numeric 2

Role-based access control

RBAC provides control for access and authorization. Users are granted permissions based on dened roles — not on their individual system

user ID. Create user roles based on job functions to help users perform their associated job function. You can assign each user only a single

System management

519