Operation Manual

Configuration Guide 590

Configuring Network Security AAA Configuration

7.1.6 Configuring Login Account and Enable Password

The login account and Enable password can be configured locally on the switch or centrally

on the RADIUS/TACACS+ server(s).



On the Switch

The local username and password for login can be configured in the User Management

feature. For details, refer to

Managing System

To configure the local Enable password for getting administrative privileges, choose the

menu Network Security > AAA > Global Config to load the following page.

Figure 7-9 Configure Enable Password

Specify the Enable password in the Enable Admin section, and click Apply.

Tips:

The logged-in guests can enter the Enable password on this page to get

administrative privileges.



On the Server

The accounts created by the RADIUS/TACACS+ server can only view the configurations

and some network information without the Enable password.

Some configuration principles on the server are as follows:



For Login authentication configuration, more than one login account can be created on

the server. Besides, both the user name and password can be customized.



For Enable password configuration:

On RADIUS server, the user name should be set as $enable$, and the Enable password

is customizable. All the users trying to get administrative privileges share this Enable

password.

On TACACS+ server, the Enable password is set with the login account, and each

account has its own Enable password.

Tips:

The logged-in guests can get administrative privileges by using the command

enable-admin and providing the Enable password.