ESR series service routers.ESR-Series. User manual
• It is recommended to enable logging of commands entered by the user.
• It is recommended to use several authentication methods for logging in to devices via console, remote login to devices and privilege escalation. A combination of RADIUS/TACACS/LDAP authentication and local authentication is considered optimal.
• It is recommended to lower the built-in admin account privileges to 1.
• It is recommended to configure logging of changes of local accounts.
• It is recommended to configure AAA policy change logging.
7.4.2  Warnings
• The built-in admin account cannot be deleted.
• The no username admin command does not remove the admin user; it resets the user's configuration to defaults. After applying this command, the admin user will not appear in the configuration.
• The no password command for the admin user also does not remove the admin user's password, but resets it to its default value. After applying this command, the admin user password is no longer displayed in the configuration and becomes 'password'.
• A user with privilege level 15 or an ENABLE password must be configured before the admin user's privileges are lowered.
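One way to check a saved configuration against the warnings above, as an added example that is not part of the manual. It assumes the configuration listing uses the same username, password, privilege, exit and enable password keywords as the commands in this manual's configuration example; the function names, finding codes and sample configurations are hypothetical.

```python
import re

PROMPT = re.compile(r"^\S*\(config[^)]*\)#\s*")  # strips e.g. "esr(config-user)# "

def parse_accounts(config_text):
    """Return ({user: {"privilege": int|None, "password": bool}}, enable_password_set)."""
    users, enable_set, current = {}, False, None
    # Assumed layout: "username NAME" opens a block that "exit" closes.
    for tok in filter(None, (PROMPT.sub("", l.strip()).split() for l in config_text.splitlines())):
        if tok[0] == "username" and len(tok) == 2:
            current = users.setdefault(tok[1], {"privilege": None, "password": False})
        elif tok[0] == "exit":
            current = None
        elif current is None:
            enable_set = enable_set or tok[:2] == ["enable", "password"]
        elif tok[0] == "privilege" and len(tok) == 2 and tok[1].isdigit():
            current["privilege"] = int(tok[1])
        elif tok[0] == "password":
            current["password"] = True
    return users, enable_set

def audit(config_text):
    """Return finding codes for the admin-account warnings and recommendations."""
    users, enable_set = parse_accounts(config_text)
    admin, findings = users.get("admin"), []
    # No admin block, or no password line in it: the password is the default 'password'.
    if admin is None or not admin["password"]:
        findings.append("admin-default-password")
    # Recommendation: the built-in admin account should be lowered to privilege 1.
    lowered = admin is not None and admin["privilege"] == 1
    if not lowered:
        findings.append("admin-not-lowered")
    # Once admin is lowered, a privilege-15 user or an ENABLE password must exist.
    if lowered and not (enable_set or any(u["privilege"] == 15 for u in users.values())):
        findings.append("no-path-to-privilege-15")
    return findings

# Constructed sample configurations (not taken from a real device).
HARDENED = """username local-operator
 password Pa$$w0rd1
 privilege 8
exit
enable password $6e5c4r3e2t!
username admin
 password Constructed-Adm1n-Pass
 privilege 1
exit
"""
RISKY = "username admin\n privilege 1\nexit\n"  # no password line, no ENABLE, no level 15
print("hardened:", audit(HARDENED), "risky:", audit(RISKY))
```

An empty findings list means the admin account has a non-default password, is lowered to privilege 1, and a route back to privilege 15 exists.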
7.4.3  Configuration example
Objective:
Configure AAA policy:
• Use RADIUS authentication for remote login via SSH.
• Use RADIUS authentication for local console login, use local authentication if there is no connection to RADIUS servers.
• Use ENABLE password set via RADIUS, if there is no connection to RADIUS servers, use local ENABLE password.
• Set the admin user to a reduced privilege level.
• Configure logging of changes of local accounts.
• Configure AAA policy changes logging.
• Configure the logging of entered commands.
Solution:
Create a local-operator user with privilege level 8:
esr(config)# username local-operator
esr(config-user)# password Pa$$w0rd1
esr(config-user)# privilege 8
esr(config-user)# exit
Set local ENABLE password:
esr(config)# enable password $6e5c4r3e2t!
Lower the privileges of the admin user:
esr(config)# username admin
esr(config-user)# privilege 1
esr(config-user)# exit
Configure the connection to the two RADIUS servers, the primary 192.168.1.11 and the backup 192.168.2.12: