IronPort Systems 4108GL User Manual
Using Passwords and TACACS+ To Protect Against Unauthorized Access
Configuring Username and Password Security
Note
Usernames are optional. Also, in the menu interface and CLI, you can configure
passwords, but not usernames. To configure usernames, use the web
browser interface.
To configure password security:
1. Set a Manager password pair (and an Operator password pair, if applicable
   for your system).
2. Exit from the current console session. A Manager password pair will now
   be needed for full access to the console.
If you do steps 1 and 2, above, then the next time a console session is started
for either the menu interface or the CLI, a prompt appears for a password.
Assuming you have protected both the Manager and Operator levels, the level
of access to the console interface will be determined by which password is
entered in response to the prompt.
If you set a Manager password, you may also want to configure the
Inactivity Time parameter (see page 6-4). This causes the console session to
end after the specified period of inactivity, thus giving you added security
against unauthorized console access.
Note
The Manager and Operator passwords and (optional) usernames control
access to the menu interface, CLI, and web browser interface.
If you configure only a Manager password (with no Operator password), and
the Manager password is not entered correctly when the console session
begins, the switch denies access to the console.
Level       Actions Permitted

Manager:    Access to all console interface areas.
            This is the default level. That is, if a Manager password has not
            been set prior to starting the current console session, then anyone
            having access to the console can access any area of the console
            interface.

Operator:   Access to the Status and Counters menu, the Event Log, and the
            CLI*, but no Configuration capabilities.
            On the Operator level, the configuration menus, Download OS, and
            Reboot Switch options in the Main Menu are not available.

*Allows use of the ping, link-test, show, menu, exit, and logout commands, plus
the enable command if you can provide the Manager password.