Connectivity Guide
aaa authentication login default local
aaa authentication login console local
User re-authentication
To prevent users from accessing resources and performing tasks for which they are not authorized, OS10 allows you to require users to
re-authenticate by logging in again when an authentication method or server changes, such as:
• Adding or removing a RADIUS server using the radius-server host command
• Adding or removing an authentication method using the aaa authentication login {console | default} {local |
group radius | group tacacs+} command
You can enable this feature so that user re-authentication is required when any of these actions are performed. In these cases, logged-in
users are logged out of the switch and all OS10 sessions terminate. By default, user re-authentication is disabled.
Enable user re-authentication
• Enable user re-authentication in CONFIGURATION mode.
aaa re-authenticate enable
The no version of this command disables user re-authentication.
Password strength
By default, the password you configure with the username password command must be at least nine alphanumeric characters.
To increase password strength, you can create password rules using the password-attributes command. When you enter the
command, at least one parameter is required. When you enter the
character-restriction parameter, at least one option is required.
• Create rules for stronger passwords in CONFIGURATION mode.
password-attributes {[min-length number] [character-restriction {[upper number]
[lower number] [numeric number] [special-char number]}]}
– min-length number — Enter the minimum number of required alphanumeric characters, from 6 to 32; default 9.
– character-restriction — Enter a requirement for the alphanumeric characters in a password:
◦ upper number — Minimum number of uppercase characters required, from 0 to 31; default 0.
◦ lower number — Minimum number of lowercase characters required, from 0 to 31; default 0.
◦ numeric number — Minimum number of numeric characters required, from 0 to 31; default 0.
◦ special-char number — Minimum number of special characters required, from 0 to 31; default 0.
Create password rules
OS10(config)# password-attributes min-length 7 character-restriction upper 4 numeric 2
Display password rules
OS10(config)# do show running-configuration password-attributes
password-attributes min-length 7 character-restriction upper 4 numeric 2
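The following Python sketch is an added example, not part of the OS10 guide or of OS10 itself: it parses a password-attributes line as shown by show running-configuration, applies the defaults and ranges listed above, and reports which rules a candidate password breaks. The function names are hypothetical, and it assumes that a special character is any non-alphanumeric character and that the minimum length counts every character.

```python
DEFAULTS = {"min-length": 9, "upper": 0, "lower": 0, "numeric": 0, "special-char": 0}
RANGES = {"min-length": (6, 32), "upper": (0, 31), "lower": (0, 31),
          "numeric": (0, 31), "special-char": (0, 31)}
GUIDE_RULE = "password-attributes min-length 7 character-restriction upper 4 numeric 2"

def parse_password_attributes(line):
    """Turn one 'password-attributes ...' running-configuration line into a policy dict."""
    tokens = line.split()
    if tokens[:1] != ["password-attributes"]:
        raise ValueError("not a password-attributes line")
    policy, rest, in_restriction = dict(DEFAULTS), tokens[1:], False
    if not rest:
        raise ValueError("at least one parameter is required")
    while rest:
        key = rest.pop(0)
        if key == "character-restriction":
            if not rest:
                raise ValueError("character-restriction needs at least one option")
            in_restriction = True
            continue
        # min-length stands alone; the four counters are only valid as restriction options.
        if key not in RANGES or (key != "min-length") != in_restriction:
            raise ValueError(f"unexpected token {key!r}")
        if not rest or not rest[0].isdigit():
            raise ValueError(f"{key} needs a number")
        value = int(rest.pop(0))
        low, high = RANGES[key]
        if not low <= value <= high:
            raise ValueError(f"{key} {value} is outside {low}-{high}")
        policy[key] = value
    return policy

def violations(password, policy):
    """Return the rules a candidate password breaks (empty list means it passes)."""
    counts = {
        "upper": sum(c.isupper() for c in password),
        "lower": sum(c.islower() for c in password),
        "numeric": sum(c.isdigit() for c in password),
        # Assumptions: special = not a letter or digit; length counts every character.
        "special-char": sum(not c.isalnum() for c in password),
    }
    problems = []
    if len(password) < policy["min-length"]:
        problems.append(f"min-length {policy['min-length']}")
    problems += [f"{k} {policy[k]}" for k, n in counts.items() if n < policy[k]]
    return problems

if __name__ == "__main__":
    rule = parse_password_attributes(GUIDE_RULE)
    print(violations("abcdefghi", rule))  # constructed sample password
```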
Role-based access control
RBAC provides control for access and authorization. Users are granted permissions based on defined roles — not on their individual system
user ID. Create user roles based on job functions to help users perform their associated job function. You can assign each user only a single
role, and many users can have the same role. A user role authenticates and authorizes a user at login, and places you in EXEC mode (see
CLI basics).