Brocade Network OS NETCONF Operations Guide v4.1.1 Manuel d'utilisateur Page 206
- Page / 622
- Table des matières
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
174 Network OS NETCONF Operations Guide
53-1003231-02
User accounts
15
All modules that pertain to security, for example, user and user roles, RBAC, and password
attributes (for example, encryption), are globally configurable data entities. This means that if a
switch is in logical chassis cluster mode, all switches in the cluster will have a common
configuration for all the previously mentioned entities.
Default accounts in the local switch user database
Network OS comes with two predefined user accounts that are part of the factory-default settings.
Brocade recommends that you change the password for all default accounts during the initial
installation and configuration for each switch.
The default user accounts are “admin” and “user,” and these accounts are associated with the
corresponding admin” and “user” roles in the switch-local user database. Only the “admin” and
“user” users can access the CLI and, except for the account password, no other attributes can be
changed for the default users “admin” and “user.”
By default, all account information is stored in the switch-local user database. User authentication
and tracking of logins to the switch is local by default.
NOTE
The maximum number of user accounts, including the default accounts, is 64. The maximum
number of roles, including the default roles is 64. For any environment requiring more than 64 users,
you should adopt an authentication, authorization, and accounting (AAA) service for user
management. Refer to Chapter 16, “External Server Authentication” for more information. The
maximum number of active Telnet or CLI sessions supported per switch is 32.
Creating and modifying a user account
When you create a user account you must specify three mandatory attributes: an account login
name, a role, and a password. The remaining attributes are optional.
TABLE 5 User account attributes
Parameter Description
name The name of the account. The user account name is case-sensitive, must not exceed
40 characters, and must begin with a letter. The text string can contain letters, numbers,
underscore (__), and periods (.). If the user name specified already exists, the username
command modifies the existing role.
role The role assigned to the user defines the RBAC access privileges for the account.
password The account password must satisfy all currently enforced password rules.
Refer to “Password policies” on page 189 for more information.
encryption-level The password encryption level. You can choose to encrypt the password (7) or leave it in clear
text (0). If you do not specify an encryption level, the default, clear text (0), is the default.
desc A description of the account. The description can be up to 64 characters long, and can
include any printable ASCII character, except for the following characters: single quotation
marks (‘), double quotation marks (“), exclamation point (!), colon (:), and semi-colon (;). If the
description contains spaces. you must enclose the text in double quotation marks.
enable true | false Indicates whether the account is enabled or disabled. A user whose account is disabled
cannot log in. The default account status is enabled.
- Network OS 1
- Document History 2
- Contents (High Level) 3
- Contents (Detailed) 5
- Chapter 7 SNMP 8
- Chapter 8 Fabric 8
- Chapter 9 Metro VCS 8
- Chapter 13 VMware vCenter 10
- Chapter 19 Configuring AMPP 12
- Chapter 21 Configuring VLANs 13
- Chapter 22 Configuring VXLANs 14
- Chapter 25 Configuring UDLD 15
- Chapter 27 Configuring LLDP 16
- Chapter 28 Configuring ACLs 16
- Chapter 29 Configuring QoS 17
- Chapter 31 Configuring sFlow 18
- Chapter 32 IP Route Policy 18
- Chapter 34 Configuring OSPF 19
- Chapter 35 Configuring VRRP 19
- Section V Appendixes 20
- About This Document 27
- Document conventions 29
- Notes, cautions, and warnings 30
- Key terms 30
- Notice to the reader 31
- Additional information 31
- Getting technical help 32
- Document feedback 32
- Network OS Administration 33
- NETCONF Overview 35
- RPC request 37
- RPC reply 37
- RPC and error handling 38
- SSH subsystem 38
- RFC references 38
- NETCONF support in Network OS 39
- Basic NETCONF Operations 41
- Server capabilities 42
- Retrieving configuration data 43
- Subtree filtering 44
- Retrieving operational data 47
- Editing the configuration 50
- Managing the configuration 51
- Basic Switch Management 55
- Connecting to the switch 56
- Switch attributes 56
- Setting host attributes 57
- Rebooting a Brocade switch 59
- Replacing an interface module 61
- Configuring a switch banner 64
- </copy> 69
- </rpc-reply> 69
- Syslog server setup 70
- Adding syslog servers 71
- Removing a syslog server 74
- RASlog configuration 75
- Audit log configuration 77
- Network Time Protocol 79
- Time zone settings 80
- Evaluating a firmware upgrade 91
- ATTENTION 92
- Administering Licenses 97
- Obtaining a license key 98
- Reserving a port assignment 100
- 53-1003231-02 101
- In this chapter 105
- SNMP community strings 106
- Obtaining SNMP user names 108
- SNMP server hosts 109
- Removing the SNMP server host 111
- Enabling VCS Fabric mode 118
- Disabling VCS Fabric mode 118
- Enabling a fabric ISL 119
- Enabling a fabric trunk 120
- Disabling a fabric trunk 121
- Priorities 122
- Fabric ECMP load balancing 126
- Metro VCS 129
- Disabling a fabric ISL 130
- Administering Zones 133
- Default zoning access modes 134
- Zone database size 135
- Zone aliases 136
- Deleting an alias 141
- Zoning information 142
- Zone creation and management 147
- Adding a member to a zone 148
- Removing a member from a zone 149
- Deleting a zone 150
- Zone configuration management 151
- Enabling a zone configuration 154
- Deleting a zone configuration 155
- Zone configuration scenario 160
- • Cfg1 containing ZoneA only 161
- Compression 166
- Enabling a Fibre Channel port 168
- System Monitor Configuration 175
- FRU monitoring 176
- Alert notifications 180
- Configuring e-mail alerts 181
- To change the domain name: 183
- Resource monitoring 184
- Configuring CPU monitoring 185
- Security monitoring 186
- Interface monitoring 189
- Pausing interface monitoring 192
- VMware vCenter 195
- Step 2: Enabling CDP/LLDP 196
- Activating the vCenter 197
- Configuring Remote Monitoring 199
- Managing User Accounts 205
- Parameter Description 206
- Creating a user account 207
- Disabling a user account 209
- Deleting a user account 210
- Unlocking a user account 210
- Role-based access control 211
- User-defined roles 212
- Command access rules 214
- Rule processing 215
- Adding a rule 216
- Changing a rule 217
- Deleting a rule 217
- Verifying a rule 218
- Configuration examples 219
- Password policies 221
- Password encryption policy 222
- Account lockout policy 224
- Managing password policies 226
- Security event logging 228
- Login authentication mode 230
- TACACS+ servers 241
- TACACS+ accounting 243
- Enabling command accounting 244
- Disabling accounting 246
- Server authentication 247
- Deleting CA certificates 248
- FIPS compliance 249
- Active Directory groups 251
- Fabric Authentication 255
- Removing shared secrets 257
- Creating a defined SCC policy 260
- Modifying the SCC policy 261
- Activating the SCC policy 261
- Removing the SCC policy 263
- Edge-loop detection overview 267
- Configuring AMPP 273
- 7. Activate the profile 275
- Configuring VLAN profiles 276
- 3. Activate the profile 278
- Configuring FCoE profiles 281
- Configuring QoS profiles 282
- Configuring security profiles 286
- Deleting a port-profile 289
- Deleting a subprofile 291
- Deleting a port-profile-port 297
- Configuring FCoE Interfaces 303
- Configuring FCoE interfaces 304
- Obtaining FCoE status 307
- Configuring VLANs 309
- Creating a VLAN interface 312
- Enabling STP on a VLAN 312
- Disabling STP on a VLAN 314
- • Enables the interface 317
- • Specifies trunk mode 317
- Obtaining VLAN information 326
- Private VLANs 330
- Configuring a private VLAN 331
- Displaying PVLAN information 333
- Configuring VXLANs 335
- Displaying VXLAN information 341
- Configuring Virtual Fabrics 343
- • Primary VLAN 344
- • Isolated VLAN 344
- • Community VLAN 345
- Configuring MAC groups 358
- Transport service 359
- Configuring STP 362
- Configuring RSTP 364
- Configuring MSTP 367
- Specifying a link type 397
- Specifying the port priority 399
- Enabling spanning tree 403
- Disabling spanning tree 404
- Configuring UDLD 405
- Disabling UDLD 407
- Retrieving UDLD statistics 407
- Configuring Link Aggregation 409
- TABLE 12 Load balance flavor 415
- Configuring LLDP 421
- • <management-address> 428
- • <port-description> 428
- • <system-capabilities> 428
- • <adv-tlv-system-name> 428
- Configuring iSCSI priority 430
- Configuring LLDP profiles 430
- <edit-config> 431
- <target> 431
- <running/> 431
- (more interfaces go here) 434
- Deleting an LLDP profile 435
- Configuring ACLs 437
- Modifying MAC ACL rules 443
- Removing a MAC ACL 444
- Configuring QoS 453
- Rewriting 454
- Queueing 454
- Verifying QoS trust 455
- DSCP values User priority 460
- Verifying DSCP trust 461
- Creating a DSCP mutation map 462
- Traffic class mapping 469
- Mapping DSCP-to-Traffic-Class 473
- Congestion control 477
- Configuring CoS thresholds 478
- Random Early Detection 479
- Ethernet Pause 480
- Enabling Ethernet Pause 481
- Enabling Ethernet PFC 482
- Multicast rate limiting 483
- Configuring BUM storm control 484
- Scheduling 485
- Multicast queue scheduling 486
- Creating a CEE map 487
- Defining a priority-table map 489
- Verifying the CEE maps 490
- Brocade VCS Fabric QoS 491
- Port-based Policier 493
- Configuring the policy map 496
- Policy maps 499
- Class maps 500
- Priority maps 501
- Configuring Auto-QOS 502
- Disabling 802.1x globally 507
- 802.1x readiness check 508
- Configuring sFlow 517
- Flow-based sFlow 521
- Deleting a SPAN session 530
- SPAN in management cluster 531
- Configuring RSPAN 532
- VLAN 1010 as the destination 534
- IP Route Policy 537
- Configuring a route map 538
- IP Route Management 545
- Other routing operations 548
- Enabling IP load sharing 549
- Configuring OSPF 551
- OSPF over VRF 552
- OSPF in a VCS environment 552
- OSPF configuration rules 555
- Enabling OSPF on the router 556
- Disabling OSPF on the router 556
- Assigning OSPF areas 557
- Assigning virtual links 562
- Changing other settings 564
- Configuring VRRP 565
- Configuring the master router 567
- Configuring the backup router 569
- Enabling preemption 571
- Configuring VRF 585
- Enabling VRRP for VRF 588
- Configuring BGP 589
- Enabling BGP on an RBridge 590
- Disabling BGP on an RBridge 590
- Configuring BGP global mode 591
- Configuring IGMP 595
- Monitoring IGMP snooping 598
- Configuring DHCP Relay 599
- Appendixes 603
- Managing NETCONF 605
- • Capabilities 606
- • Datastores 606
- • Schemas 606
- • Sessions 606
- • Statistics 606
- Numerics 609
Produits connexes et manuels pour Accessoires pour ordinateurs Brocade Network OS NETCONF Operations Guide v4.1.1
Accessoires pour ordinateurs Brocade VDX 6710-54 Hardware Reference Manual Manuel d'utilisateur
(72 pages)
(72 pages)
Accessoires pour ordinateurs Brocade VDX 8770-8 Hardware Reference Manual Manuel d'utilisateur
(136 pages)
(136 pages)
Accessoires pour ordinateurs Brocade Network OS Administrator’s Guide v4.1.1 Manuel d'utilisateur
(748 pages)
(748 pages)
Accessoires pour ordinateurs Brocade VDX 8770-4 Hardware Reference Manual Manuel d'utilisateur
(132 pages)
(132 pages)
Accessoires pour ordinateurs Brocade 6910 Ethernet Access Switch MIB Reference Manuel d'utilisateur
(102 pages)
(102 pages)
(84 pages)© 2020, manymanuals.fr. Tous droits réservés | 0.056 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels