Users Guide

• TACACS+ — When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then sends a second

packet with just the password. The TACACS server must have an entry for username $enable$.

router authentication strings, VRRP authentication by obscuring this information. Passwords and keys are stored encrypted in the

conguration le and by default are displayed in the encrypted form when the conguration is displayed. Enabling the service

obscure-passwords

reading these passwords and keys by obscuring this information with asterisks.

Password obscuring masks the password and keys for display only but does not change the contents of the le. The string of asterisks is

the same length as the encrypted string for that line of conguration. To verify that you have successfully obscured passwords and keys,

use the show running-config command or show startup-config command.

If you are using role-based access control (RBAC), only the system administrator and security administrator roles can enable the service

obscure-password command.

Dell Networking OS enables AAA new-model by default.

You can set authorization to be either local or remote. Dierent combinations of authentication and authorization yield dierent results.

By default, Dell Networking OS sets both to

Privilege Levels Overview

Limiting access to the system is one method of protecting the system and your network. However, at times, you might need to allow others

access to the router and you can limit that access to a subset of commands. In Dell Networking OS, you can congure a privilege level for

users who need limited access to the system.

Every command in Dell Networking OS is assigned a privilege level of 0, 1, or 15. You can congure up to 16 privilege levels in Dell