Chapter 69: Local Manager Accounts
1092 Section XI: Management Security
Overview
The switch comes with one manager account. The account has the user
name “manager” and default password “friend.” If you are the only
manager of the switch, you may not need more than one manager
account. But if the switch will be managed by more than one administrator,
you may want to create additional accounts so that each manager has a
separate account.
There are two ways to add more manager accounts. One method adds
local accounts. A local account is so called because it is the switch that
authenticates the user name and password when a manager logs. The
default manager account is a local account. This chapter explains how to
create more local accounts.
The switch also supports remote manager accounts. These are accounts
that are authenticated by a RADIUS or TACACS+ server on your network.
For information, refer to Chapter 81, “RADIUS and TACACS+ Clients” on
page 1187.
Privilege Levels Manager accounts have privilege levels that determine where in the
command mode structure managers can go and, consequently, which
commands they can access. The privilege levels are 1 and 15.
Manager accounts with a privilege level of 15 have access to the entire
command mode structure and, thus, to all of the commands. Managers
should be assigned accounts with this level if they need to configure the
parameter settings of the switch. The default manager account has this
privilege level.
Manager accounts with a privilege level of 1 are restricted to the User
Exec mode, in which many of the SHOW commands are stored. Accounts
with this level are appropriate for managers who only need to monitor the
switch. If a manager attempts to use the ENABLE command to move from
the User Exec mode to the Privileged Exec mode, the switch displays this
error message.
Figure 174. Manager Accounts with the Privilege Level 1
awplus Login: adams
Password: ********
awplus> enable
Only Manager Level Can Get into This Mode.
awplus>
To Next Page
Loading...
