Technical data
BLADE OS 5.1 Application Guide
38
Chapter 1: Accessing the Switch BMD00136, November 2009
End User Access Control
BLADE OS allows an administrator to define end user accounts that permit end users to perform
operation tasks via the switch CLI commands. Once end user accounts are configured and enabled,
the switch requires username/password authentication.
For example, an administrator can assign a user, who can then log into the switch and perform
operational commands (effective only until the next switch reboot).
Considerations for Configuring End User Accounts
A maximum of 10 user IDs are supported on the switch.
BLADE OS supports end user support for Console, Telnet, BBI, and SSHv1/v2 access to the
switch.
If RADIUS authentication is used, the user password on the Radius server will override the
user password on the G8000. Also note that the password change command on the switch only
modifies the use switch password and has no effect on the user password on the Radius server.
Radius authentication and user password cannot be used concurrently to access the switch.
Passwords can be up to 128 characters in length for TACACS, RADIUS, Telnet, SSH, Console,
and Web access.
Strong Passwords
The administrator can require use of Strong Passwords for users to access the G8000. Strong
Passwords enhance security because they make password guessing more difficult.
The following rules apply when Strong Passwords are enabled:
Each passwords must be 8 to 14 characters
Within the first 8 characters, the password:
must have at least one number or one symbol
must have both upper and lower case letters
cannot be the same as any four previously used passwords
The following are examples of strong passwords:
1234AbcXyz
Super+User
Exo1cet2
The administrator can choose the number of days allowed before each password expires. When a
strong password expires, the user is allowed to log in one last time (last time) to change the
password. A warning provides advance notice for users to change the password.