Configuration manual

User Account Overview
5-2 User Account and Password Management
The start and end time (hour and minute, in 24-hour time) of the period during which access
is allowed for this user. (Not applicable for super user accounts.)
The days of the week for which access will be allowed for this user. (Not applicable for super
user accounts.)
The authentication scope for this user — authentication is only by way of the local user
database even with RADIUS or TACACS+ configured, or authentication is by way of
configured methods, which is the default value.
The number of days to age the password. For this user, a non-zero value supersedes the aging
configured in set system password.
The number of simultaneous logins allowed from the user. The switch can verify that a
specified user is connected to the product no more than a configurable number of times. Any
attempt by a specified user to exceed the configured limit results in a trap.
For example, if simultaneous logins is set to 1, a specific user would not be able to Telnet to the
switch, and then simultaneously try to SSH to the switch or access local management via the
console port.
Use the clear system login command to remove a local user account or to reset any configured
parameters to their default values. If none of the optional parameters shown indented below are
entered, the user account is deleted.
clear system login username
[allowed-interval]
[allowed-days]
[local-only]
[aging]
[simultaneous-logins]
User account access to features is affected by the security mode of the switch. Differences in access
on a command basis are described in the CLI Reference for your platform.
For information about security modes and profiles, see Chapter 26, Configuring Security
Features. See Table 5-1 on page 5-7 for a list of account and password defaults by security mode.
See “User Account Configuration” on page 5-3 for procedures and examples for creating user
accounts.
Emergency Access User Account
The fixed switches support the ability to identify an emergency access user with the set system
lockout emergency-access <username> command. An emergency access user account is allowed
emergency access to the switch through the console port.
Before identifying an emergency access user with the set system lockout command, the user
account must be configured with super-user access rights with the set system login and set
password commands.
A user account cannot be deleted while it is the emergency access account.
Only one EA user is supported at a time and one shall always exist. The default admin user is
the default EA user.
EA status can only be removed by replacing it with another account.
EA user access not made through the console port will be subject to normal password
handling.
When the password reset button is enabled, it will restore the default admin account as the
EA user.
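
The emergency access rules above imply an order of operations when the EA account is changed. The following added example (not from the manual or the vendor) models those rules in Python so a planned change can be checked before it is typed at the console; the class, method and account names are hypothetical, and any restriction the page does not state, such as other limits on the default admin account, is not modelled.

```python
class RuleViolation(Exception):
    """A planned step breaks one of the EA rules listed in the manual."""

class AccountModel:
    def __init__(self):
        # Default state per the manual: the default admin user is the EA user.
        self.users = {"admin": "super-user"}
        self.ea_user = "admin"

    def set_login(self, name, access):
        # Stands in for 'set system login' plus 'set password'.
        self.users[name] = access

    def set_emergency_access(self, name):
        # Stands in for 'set system lockout emergency-access <username>'.
        if self.users.get(name) != "super-user":
            raise RuleViolation(f"{name}: not a configured super-user account")
        self.ea_user = name  # EA status only moves by replacement

    def clear_login(self, name):
        # Stands in for 'clear system login <username>' with no options.
        if name == self.ea_user:
            raise RuleViolation(f"{name}: is the emergency access account")
        self.users.pop(name, None)

    def password_reset_button(self):
        # Button enabled: the default admin account is restored as EA user.
        self.users["admin"] = "super-user"
        self.ea_user = "admin"

def check_plan(plan):
    """Run (method, *args) steps; return (model, first (index, reason) or None)."""
    model = AccountModel()
    for index, (method, *args) in enumerate(plan):
        try:
            getattr(model, method)(*args)
        except RuleViolation as exc:
            return model, (index, str(exc))
    return model, None

# Constructed change plans; account names are made up.
DELETE_FIRST = [("clear_login", "admin")]
NOT_SUPER = [("set_login", "ops", "read-write"), ("set_emergency_access", "ops")]
ROTATE = [("set_login", "breakglass", "super-user"),
          ("set_emergency_access", "breakglass"), ("clear_login", "admin")]

if __name__ == "__main__":
    for plan in (DELETE_FIRST, NOT_SUPER, ROTATE):
        print(plan, "->", check_plan(plan)[1] or "allowed")
```

Only the ROTATE plan passes: the replacement account is given super-user rights first, EA status is then moved to it, and only after that can the previous EA account be cleared.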