Adding and Managing Users

You can assign or change login permissions and security levels for users who manage a VNswitch module, and you can enable or disable ID and password prompting at login.

Security levels include administrative, operations, and monitor. Users who are assigned administrative permission control access to the switch configuration and monitoring tasks. A user with any security level can display a list of users and change their own password. (Refer to System Security for a description of the three security levels and the access privilege that each provides.)

Caution:  Login IDs and passwords are not required at installation. However, you can use the Command Line Interface (CLI) to configure the VNswitch module to require users to enter a login ID and password.

Adding Users

If a VNswitch administrator enables prompting for ID and password, an individual cannot access switch configuration and management functions unless the user's name is added to a user list, assigned a password, and given a security level (administrative, operations, or monitor).

Procedure:

Step Action
1 Select Telnet to Module from the application tree and connect to the module.
2 At the Main prompt (Main>), enter Config and press Return.
3 At the Config prompt (Config>), enter add user.
4 Press Return. The following message is displayed:

Enter user name: []?

5 Enter the name of the user (Mary, for example). The name can be a maximum of eight characters and is case sensitive. Spaces are permitted. If the maximum of eight characters is exceeded, the entry is truncated.
6 Press Return. The following message is displayed:

Password:

7 Enter a password for the user. The password can be a maximum of 79 characters and is case sensitive.
8 Press Return. The following message is displayed:

Enter password again:

9 Reenter the password you entered in step 7 to confirm that it is correct.
10 Press Return. The following message is displayed:

Enter permission: (A)dmin, (O)perations, or (M)onitor [A]?

11 Enter either an A, an O, or an M (for administrative, operations, or monitor, respectively) to designate the permission for the user. (Refer to System Security for a description of the three security levels and the access privilege that each provides.)
12 Press Return. The following message and the Config prompt are displayed:

User 'Mary' has been added.

If the ID and password prompting mode (enable or disable console login) was changed prior to this procedure, a notification message to this effect is also displayed.

13 Log out of the Telnet session and terminate the connection.

Note:  You cannot enable ID and password prompting unless at least one user on the user list for the module has administrative permission. The following message is displayed if you attempt to enable password prompting on a module for which no administrative user exists:

Warning: Console login is disabled until an administrative user is added

Displaying a List of Users

Procedure:

Step Action
1 Select Telnet to Module from the application tree and connect to the module.
2 At the Main prompt (Main>), enter Config and press Return.
3 At the Config prompt (Config>), enter list users.
4 Press Return. A list of users is displayed, including the security (permission) level to which they are assigned.

Example:
   USER    PERMISSIONS
   joe     Operations
   mary    Admin
   peter   Monitor

Console login-prompting is enabled

5 Log out of the Telnet session and terminate the connection.

Changing Your Own Password

You can change your own password, regardless of the security level to which you are assigned.

Procedure:

Step Action
1 Select Telnet to Module from the application tree and connect to the module.
2 At the Main prompt (Main>), enter Config and press Return.
3 At the Config prompt (Config>), enter change password.
4 Press Return. The following message is displayed:

Enter current password: []?

5 Enter your current password.
6 Press Return. The following message is displayed:

Password: []?

7 Enter your new password. The password can be a maximum of 79 characters and is case sensitive.
8 Press Return. The following message is displayed:

Enter password again:

9 Reenter the password you entered in step 7 to confirm that it is entered correctly. If the confirmation entry does not match the password you entered in step 7, your old password remains in effect.
10 Log out of the Telnet session and terminate the connection.

Changing Another User's Password or Security Level

You must be assigned to the administrative security level to change another user's password or security level. 

Procedure:

Step Action
1 Select Telnet to Module from the application tree and connect to the module.
2 At the Main prompt (Main>), enter Config and press Return.
3 At the Config prompt (Config>), enter change user.
4 Press Return. The following message is displayed:

Enter user name: []?

5 Enter the name of the user whose information you want to change.
6 Press Return. The following message is displayed:

Change password? (Yes or [No]):

7 Enter Yes if you want to change the user's password.

Enter No if you do not want to change the user's password. No is the default.

8 Press Return.

If you entered No in step 7, the following message is displayed:

Change permission? (Yes or [No]):

Go to Step 13.

If you entered Yes in step 7, the following message is displayed:

Password:

Go to Step 9.

9 Enter the user's new password. The password can be a maximum of 79 characters and is case sensitive.
10 Press Return. The following message is displayed:

Enter password again:

11 Reenter the password you entered in step 9 to confirm that it is entered correctly.
12 Press Return. The following message is displayed:

Change permission? (Yes or [No]):

13 Enter Yes if you want to change the permission level.

Enter No if you do not want to change the permission level. No is the default.

14 Press Return.

If you entered No, the Config prompt (Config>) is displayed.

If you entered Yes, the following message is displayed:

Enter permission: (A)dmin, (O)perations, or (M)onitor [A]?

15 Enter either an A, an O, or an M (for administrative, operations, or monitor, respectively) to designate the permission for the user. (Refer to System Security for a description of the three security levels and the access privilege that each provides.)
16 Press Return. The specified changes are made and the Config prompt (Config>) is displayed.
17 Log out of the Telnet session and terminate the connection.

Enabling/Disabling Prompting for ID and Password

You can configure the switch so that users are required to enter an ID and password before the Command Line Interface (CLI) is displayed. You can also choose to disable ID and password prompts. If ID and password prompting is disabled, full access to all functions is available to any individual who logs in. That is, there are no restrictions to access of functions based on administrative, operations, and monitor privileges. Disabled is the default.

Procedure:

Step Action
1 Select Telnet to Module from the application tree and connect to the module.
2 At the Main prompt (Main>), enter Config and press Return.
3 If you want to enable ID and password prompting, at the Config prompt (Config>), enter enable console-login-prompting.

If you want to disable ID and password prompting, at the Config prompt (Config>), enter disable console-login-prompting.

4 Press Return. ID and password prompting is enabled or disabled as specified.
5 Restart the module for the new setting to take effect.
6 Log out of the Telnet session and terminate the connection.

Note:  You cannot enable ID and password prompting unless at least one user on the user list for the module has administrative permission. The following message is displayed if you attempt to enable password prompting on a module for which no administrative user exists:

Warning: Console login is disabled until an administrative user is added
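
An added example, not part of the original documentation: a Python check over captured list users output that flags the two conditions described above (prompting not enabled, no administrative user) and compares the user list with an approved roster. The sample output, the roster, and the wording of the "disabled" status line are constructed assumptions; only the "enabled" line appears on this page.

```python
import re

PERMISSIONS = {"Admin", "Operations", "Monitor"}

# Constructed sample of `list users` output (not captured from a real module).
SAMPLE = """\
   USER      PERMISSIONS
   joe       Operations
   mary      Admin
   net ops   Admin
   peter     Monitor

Console login-prompting is disabled
"""
# Hypothetical approved roster: user name -> permission level.
APPROVED = {"joe": "Operations", "mary": "Admin", "peter": "Operations"}

def parse_list_users(text):
    """Return ({name: permission}, prompting) from `list users` output."""
    users, prompting = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"Console login-prompting is (\w+)", line)
        if m:
            # Only the literal word "enabled" counts as enabled.
            prompting = (m.group(1) == "enabled")
            continue
        # Names may contain spaces, so split off the last token only.
        parts = line.rsplit(None, 1)
        if len(parts) == 2 and parts[1] in PERMISSIONS:
            users[parts[0]] = parts[1]
    return users, prompting

def audit(text, approved):
    """List deviations between the switch's users and the approved roster."""
    users, prompting = parse_list_users(text)
    findings = []
    if prompting is not True:
        findings.append("login prompting not enabled: every session has full access")
    if "Admin" not in users.values():
        findings.append("no administrative user: prompting cannot be enabled")
    for name, perm in sorted(users.items()):
        if name not in approved:
            findings.append(f"unapproved user {name!r} ({perm})")
        elif approved[name] != perm:
            findings.append(f"{name!r} has {perm}, approved level is {approved[name]}")
    for name in sorted(set(approved) - set(users)):
        findings.append(f"approved user {name!r} missing from switch")
    return findings
```

Calling audit(SAMPLE, APPROVED) returns three findings: prompting not enabled, the unapproved administrative user, and the permission mismatch for peter.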

Deleting a Single User

You can delete individuals from the list of users who have access to switch configuration and management functions. You must be assigned to the administrative security level to do so.

Procedure:

Step Action
1 Select Telnet to Module from the application tree and connect to the module.
2 At the Main prompt (Main>), enter Config and press Return.
3 At the Config prompt (Config>), enter delete user.
4 Press Return. The following message is displayed:

Enter user name: []?

5 Enter the name (Mary, for example) of the user you want to delete.
6 Press Return. The following message is displayed:

Delete 'Mary'? (Yes or [No]):

7 Enter Yes if you want to delete the user.

Enter No if you do not want to delete the user. No is the default.

8 Press Return.

If you entered Yes, the following message and the Config prompt are displayed:

User 'Mary' has been deleted

If you entered No, the Config prompt is displayed.

9 Log out of the Telnet session and terminate the connection.

Deleting (Clearing) All Users

Deleting all users resets the user list to its factory default, deleting the names, passwords, and associated security levels of all individuals from the list. You must log in using a local console after you clear all users. If ID and password prompting (enabling and disabling remote console login) is currently enabled, the console login setting is temporarily disabled until a new user with administrative privileges is added.

Procedure:

Step Action
1 Select Telnet to Module from the application tree and connect to the module.
2 At the Main prompt (Main>), enter Config and press Return.
3 At the Config prompt (Config>), enter clear user.
4 Press Return. The following message is displayed:

You area about to clear all User configuration information

Are you sure you want to do this (Yes or [No]):

5 Enter Yes if you want to clear all user configuration information to the factory default.

Enter No if you do not want to clear all user configuration information to the factory default.

6 Press Return.

If you entered Yes, the following message and the Config prompt (Config>) are displayed:

User configuration cleared

If you entered No, the following message and the Config prompt (Config>) are displayed:

Aborted

7 Log out of the Telnet session and terminate the connection.

System Security

The switch software can, optionally, require users to enter a user name and password when logging in at a switch console. It further distinguishes among three types of users, each of which is associated with a different level of access privilege to configuration, monitoring, and management functions.

Administrative users: Can access any configuration, monitoring, or management functions, including adding and managing users. Only a user with Administrative access can change configuration in NVRAM.

Operations users: Can view any network configuration parameter or statistic, run potentially disruptive tests, dynamically change switch operation by reconfiguring parameters via volatile RAM, and restart the switch.

Monitor users: Can only view configuration parameters and network statistics.