45 configuring user management – CANOGA PERKINS 9175 Configuration Guide User Manual
Page 268
CanogaOS Configuration Guide
45-1
45 Configuring User Management
User management increases the security of the system by keeping the unauthorized
users from guessing the password. The user is limited to a specific number of attempts
to successfully log in to the switch.
There are three load modes in the switch. In “no login” mode, anyone can load the switch
without authentication. In “login” mode, there is only one default user. In “login local”
mode, if you want to load the switch you need to have a user account.
Local user authentication uses local user accounts and passwords that you create to
validate the login attempts of local users. Each switch has a maximum of 32 local user
accounts. Before you can enable local user authentication, you must define at least one
local user account.
You can set up local user accounts by creating a unique username and password
combination for each local user. Each username must be fewer than 32 characters.
You can configure each local user account with a privilege level; the valid privilege levels
are 0 or 15. Once a local user is logged in, only the commands those are available for
that privilege level can be displayed.
45.1 Configuring the user management in login local mode
45.1.1 Enabling
password
checking
In order to authenticate the user access by a user name and password, the login mode
must be set to login local first as following steps:
DUT# configure terminal
Enter global configuration mode.
DUT(config)# line vty 0 7
Enter line configuration mode, use line console 0 if you
want to set console port access.
DUT(config-line)# login local
Enable local login authentication on the switch.
DUT(config)# exit
Exit the Configure mode
This is a sample output from the command displaying how to enable local login
authentication on the switch:
DUT(config)# line console 0
DUT(config-line)# login local
45.1.2 Setting high level of cipher detect
If you have set high level of cipher detect, the password must contain digital, normal char
and special char. And if you have set normal level of cipher detect, the password must
contain digital and normal char. The password can be any char, if you don’t choose
cipher detect.
To set high level of cipher detect, follow these steps:
DUT# configure terminal
Enter global configuration mode.
DUT(config)# cipher detect strong
Set high level of cipher detect on the switch
DUT(config)# exit
Exit the Configure mode