Product specifications

Chapter 5: System Security
Efficient Networks® Router family Technical Reference Guide
User Authentication
User authentication is a feature that provides local protection against unauthorized
configuration and operation of the router. User accounts are established and are then
authenticated via a three-tiered scheme:
User verification - Verifies the validity of the user account by username and
password. If the user exists, the account status (enabled/disabled) is verified.
User access - Verifies the user account has privilege for the access method
(interface) being attempted.
User management class - Verifies the user has privilege to access or execute
specified command classes.
The first authentication is performed when an access request is made to the system.
The username and password pair are supplied by the user and verified in the user
database (specified by the User Lookup). If the pair is authenticated and the user
account is enabled, the next authentication is performed on the access method. If the
source of the access request (console, WAN or LAN) is authorized for the account,
the session is allowed. Upon successful connection, the user prompt will reflect the
username as shown below. If any of the criteria is not authenticated, the session is not
allowed.
The third authentication action is management class verification. Each command (of
the command line interface) or page (of the WEB management interface) is
associated with one or more management classes. When the user attempts to
execute a command, or view a page, the action (request) is checked against the
account management class and read/write privileges and a decision is made to allow
access or deny the request. Management class privileges are described in more
detail in Management Classes on page 5-3.
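The three checks described above can be modeled as follows. This is an added example, not code from the guide or the router firmware. The class names, the "r"/"rw" privilege encoding, the PBKDF2 password storage, and the rule that one matching class is enough are assumptions made for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

def pw_hash(password, salt):
    # Assumption: salted PBKDF2; the guide does not say how passwords are stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    username: str
    salt: bytes
    digest: bytes
    enabled: bool = True
    access: set = field(default_factory=set)     # subset of {"console", "lan", "wan"}
    classes: dict = field(default_factory=dict)  # class name -> "r" or "rw"

def make_account(username, password, **kw):
    salt = os.urandom(16)
    return Account(username, salt, pw_hash(password, salt), **kw)

def open_session(db, username, password, method):
    """Tiers 1 and 2: return the account if the session is allowed, else None."""
    acct = db.get(username)
    # Hash even for unknown names so response time does not reveal valid users.
    salt, digest = (acct.salt, acct.digest) if acct else (b"\0" * 16, b"\0" * 32)
    ok = hmac.compare_digest(pw_hash(password, salt), digest)
    if not (acct and ok and acct.enabled):       # tier 1: user verification
        return None
    if method not in acct.access:                # tier 2: user access
        return None
    return acct

def authorize(acct, command_classes, write):
    """Tier 3: assumption - one matching class with enough privilege suffices."""
    for name in command_classes:
        priv = acct.classes.get(name)
        if priv == "rw" or (priv == "r" and not write):
            return True
    return False                                 # default deny

# Constructed sample data; the class names are hypothetical.
DB = {a.username: a for a in (
    make_account("myname", "s3cret-Example", access={"console", "lan"},
                 classes={"network": "rw", "security": "r"}),
    make_account("olduser", "pw-Example", enabled=False, access={"console"}),
)}

if __name__ == "__main__":
    s = open_session(DB, "myname", "s3cret-Example", "console")
    print(s.username, authorize(s, ["security"], write=True))
```

Each tier fails closed: a disabled account, an unauthorized access method, or a command whose classes the account does not hold all end in a denial.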
User Account Information
Each user account is composed of a username, password, and corresponding
privileges. The system supports up to 15 user accounts that are stored in the local file
system. Additional accounts can be configured if a RADIUS Server is configured and
the key-enabled feature Radius Client has been enabled.
Figure: username displayed after login (panels: WEB Management Interface, Command Line Interface)
Command Line Interface prompt: myname@console->
Note: Command line sessions also display the access method of the connection.