Securing Access to Management Functions
December 2000 3 - 9
Setting Passwords
Passwords can be used to secure the following access methods:
• Telnet access can be secured by setting a Telnet password. See “Setting a Telnet Password” on page 3-9.
• Access to the Privileged EXEC and CONFIG levels of the CLI can be secured by setting passwords for
management privilege levels. See “Setting Passwords for Management Privilege Levels” on page 3-10.
This section also provides procedures for enhancing management privilege levels, recovering from a lost
password, and disabling password encryption.
NOTE: You also can configure up to 16 user accounts consisting of a user name and password, and assign each
user account a management privilege level. See “Setting Up Local User Accounts” on page 3-12.
Setting a Telnet Password
By default, the device does not require a user name or password when you log in to the CLI using Telnet. You can
assign a password for Telnet access using one of the following methods.
USING THE CLI
To set the password “letmein” for Telnet access to the CLI, enter the following command at the global CONFIG
level:
BigIron(config)# enable telnet password letmein
Syntax: [no] enable telnet password <string>
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration
panel is displayed.
2. Select the Management
link from the System configuration panel to display the Management panel.
3. Enter the password in the Telnet Password field.
4. Click the Apply button to save the change to the device’s running-config file.
5. Select the Save
link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device’s flash memory.
Suppressing Telnet Connection Rejection Messages
By default, if a Foundry device denies Telnet management access to the device, the software sends a message to
the denied Telnet client. You can optionally suppress the rejection message. When you enable the option, a
denied Telnet client does not receive a message from the Foundry device. Instead, the denied client simply does
not gain access.
To suppress the connection rejection message, use the following CLI method.
USING THE CLI
To suppress the connection rejection message sent by the device to a denied Telnet client, enter the following
command at the global CONFIG level of the CLI:
BigIron(config)# telnet server suppress-reject-message
Syntax: [no] telnet server suppress-reject-message
USING THE WEB MANAGEMENT INTERFACE
You cannot configure this option using the Web management interface.
To Next Page
Loading...
Need help?
General
