Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4128F-ON/S4128T-ON

511

512

513

514

515

516

517

518

519

520

role, and many users can have the same role. A user role authenticates and authorizes a user at login, and places you in EXEC mode (see

CLI basics).

OS10 supports four pre-dened roles: sysadmin, secadmin, netadmin, and netoperator. Each user role assigns permissions that determine

the commands a user can enter, and the actions a user can perform. RBAC provides an easy and ecient way to administer user rights. If a

user’s role matches one of the allowed user roles for a command, command authorization is granted.

The OS10 RBAC model provides separation of duty as well as greater security. It places some limitations on each role’s permissions to allow

you to partition tasks. For greater security, only some user roles can view events, audits, and security system logs.

Assign user role

To limit OS10 system access, assign a role when you congure each user.

• Enter a user name, password, and role in CONFIGURATION mode.

username username password password role role

– username username — Enter a text string (up to 32 alphanumeric characters; 1 character minimum).

– password password — Enter a text string (up to 32 alphanumeric characters; 9 characters minimum).

– role role — Enter a user role:

◦ sysadmin — Full access to all commands in the system, exclusive access to commands that manipulate the le system, and

access to the system shell. A system administrator can create user IDs and user roles.

◦ secadmin — Full access to conguration commands that set security policy and system access, such as password strength,

AAA authorization, and cryptographic keys. A security administrator can display security information, such as cryptographic

keys, login statistics, and log information.

◦ netadmin — Full access to conguration commands that manage trac owing through the switch, such as routes,

interfaces, and ACLs. A network administrator cannot access conguration commands for security features or view security

information.

◦ netoperator — Access to EXEC mode to view the current conguration. A network operator cannot modify any

conguration setting on a switch.

Create user and assign role

OS10(config)# username smith password silver403! newuser role sysadmin

View users

OS10# show users

Index Line User Role Application Idle Login-Time Location

----- ---- ------ ------ ----------- ---- --------------------- -------------

1 ttyS root root -bash >24h 2018-05-23 T23:05:03Z console

2 pts/0 admin sysadmin bash 1.1s 2018-05-30 T20:04:27Z 10.14.1.214[ssh]

RADIUS authentication

To congure a RADIUS server for authentication, enter the server's IP address or host name, and the key used to authenticate the OS10

switch on a RADIUS host. You can enter the authentication key in plain text or encrypted format. You can change the UDP port number on

the server.

• Congure a RADIUS authentication server in CONFIGURATION mode. By default, a RADIUS server uses UDP port 1812.

radius-server host {hostname | ip-address} key {0 authentication-key | 9 authentication-key

| authentication-key} [auth-port port-number]

Re-enter the radius-server host command multiple times to congure more than one RADIUS server. If you congure multiple

RADIUS servers, OS10 attempts to connect in the order you congured them. An OS10 switch connects with the congured RADIUS

520

System management