User guide
24 AR400 Series User Guide
Software Release 2.4.1
C613-02021-00 REV B
using an internal database called the User Authentication Database, or by
interrogation of external RADIUS (Remote Authentication Dial In User Service) or
TACACS (Terminal Access Controller Access System) servers.
To use an account with manager privilege, log in to the account by entering the
command:
LOGIN
The router prompts you to enter a user name and password. To return to USER
mode, enter the command:
LOGOFF
Make sure that you do not leave a manager session unattended. Unauthorised
use of a manager session gives access to the User Authentication Database. To
reduce the risk of unauthorised activity, a subset of manager commands, called
the security commands, has a security timer. These are shown in
Table 3 on page 24. When a security command is entered from a manager
session, the security timer is started and is then restarted each time an
additional security command is entered. If a security command is entered after
the timer has expired, the manager is prompted to re-enter the password
correctly before the command is actioned. The secure delay timer is by default
60 seconds. If the password is not entered correctly, the password prompt is
repeated a set number of times. If the correct password is still not entered, a log
message is generated and the session is logged off.
The security timer enables a manager to make successive additions and
modifications to the database at one time without having to re-enter the
password for every command.
The security timer does not provide a foolproof security mechanism. Managers
should always attempt to log out of a manager session before leaving a
terminal unattended.
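The timer behaviour described above can be modelled in a few lines of Python. This is an added example, not code from the router or from this guide; the retry limit of three, the unprompted first security command after login, and the timer restart after a successful password re-entry are assumptions.

```python
import hmac

SECURE_DELAY = 60    # default secure delay from the guide, in seconds
MAX_ATTEMPTS = 3     # assumed; the guide only says "a set number of times"
SECURITY_COMMANDS = ("ADD TACACS SERVER", "ADD USER", "DELETE TACACS SERVER",
                     "DELETE USER", "PURGE USER", "SET MANAGER PORT", "SET USER")

class ManagerSession:
    """Toy model of one manager session; times are seconds since login."""

    def __init__(self, password):
        self._password = password
        self.timer_started = None    # no security command entered yet
        self.logged_in = True
        self.log = []

    def enter(self, command, now, passwords=()):
        """Return 'executed', 'reauth-executed' or 'logged-off'."""
        if not self.logged_in:
            return "logged-off"
        if not command.upper().startswith(SECURITY_COMMANDS):
            return "executed"        # other commands neither check nor restart the timer
        result = "executed"
        expired = (self.timer_started is not None
                   and now - self.timer_started >= SECURE_DELAY)
        if expired:
            tries = list(passwords)[:MAX_ATTEMPTS]
            if not any(hmac.compare_digest(p, self._password) for p in tries):
                self.log.append((now, "password re-entry failed, session logged off"))
                self.logged_in = False
                return "logged-off"
            result = "reauth-executed"
        self.timer_started = now     # every actioned security command (re)starts the timer
        return result

def demo():
    s = ManagerSession("constructed-pw")                      # constructed sample password
    out = [s.enter("SET USER", t) for t in (0, 50, 100, 150)] # 150 s in total, never re-prompted
    out.append(s.enter("<other command>", 200))               # placeholder non-security command
    out.append(s.enter("ADD USER", 215, ["constructed-pw"]))  # 65 s since last security command
    out.append(s.enter("DELETE USER", 400, ["a", "b", "c"]))  # three wrong passwords
    out.append(s.enter("ADD USER", 401, ["constructed-pw"]))  # session is already logged off
    return out, s.log

if __name__ == "__main__":
    print(demo())
```

The first four commands show why the timer is not foolproof: because each security command restarts it, a session that keeps issuing them within the delay is never asked for the password again.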
If the router is operating in security mode, the manager must also log in to a user
account with SECURITY OFFICER privilege in order to execute any of the commands
listed in Table 3 on page 24.
Table 3: Secure commands controlled by the security timer.

Command                 Description
ADD TACACS SERVER       Adds a TACACS server to the list of TACACS servers used for user authentication.
ADD USER                Adds a user to the User Authentication Database.
DELETE TACACS SERVER    Deletes a TACACS server from the list of TACACS servers used for user authentication.
DELETE USER             Deletes a user from the User Authentication Database.
PURGE USER              Deletes all users except MANAGER from the User Authentication Database.
SET MANAGER PORT        Assigns a port semipermanent MANAGER privilege.
SET USER                Modifies a user record in the User Authentication Database.