Connectivity Guide

Table Of Contents
Create password rules
OS10(config)# password-attributes min-length 7 character-restriction upper 4 numeric 2
Display password rules
OS10(config)# do show running-configuration password-attributes
password-attributes min-length 7 character-restriction upper 4 numeric 2
Role-based access control
RBAC provides control for access and authorization. Users are granted permissions based on dened roles — not on their individual system
user ID. Create user roles based on job functions to help users perform their associated job function. You can assign each user only a single
role, and many users can have the same role. A user role authenticates and authorizes a user at login, and places you in EXEC mode (see
CLI basics).
OS10 supports four pre-dened roles: sysadmin, secadmin, netadmin, and netoperator. Each user role assigns permissions that determine
the commands a user can enter, and the actions a user can perform. RBAC provides an easy and ecient way to administer user rights. If a
user’s role matches one of the allowed user roles for a command, command authorization is granted.
The OS10 RBAC model provides separation of duty as well as greater security. It places some limitations on each role’s permissions to allow
you to partition tasks. For greater security, only some user roles can view events, audits, and security system logs.
Assign user role
To limit OS10 system access, assign a role when you congure each user.
Enter a user name, password, and role in CONFIGURATION mode.
username username password password role role
username username — Enter a text string. A maximum of 32 alphanumeric characters; 1 character minimum.
password password — Enter a text string. A maximum of 32 alphanumeric characters; 9 characters minimum.
role role — Enter a user role:
sysadmin — Full access to all commands in the system, exclusive access to commands that manipulate the le system, and
access to the system shell. A system administrator can create user IDs and user roles.
secadmin — Full access to conguration commands that set security policy and system access, such as password strength,
AAA authorization, and cryptographic keys. A security administrator can display security information, such as cryptographic
keys, login statistics, and log information.
netadmin — Full access to conguration commands that manage trac owing through the switch, such as routes,
interfaces, and ACLs. A network administrator cannot access conguration commands for security features or view security
information.
netoperator — Access to EXEC mode to view the current conguration. A network operator cannot modify any
conguration setting on a switch.
Create user and assign role
OS10(config)# username smith password silver403! newuser role sysadmin
View users
OS10# show users
Index Line User Role Application Idle Login-Time Location
----- ---- ------ ------ ----------- ---- --------------------- -------------
1 ttyS root root -bash >24h 2018-05-23 T23:05:03Z console
2 pts/0 admin sysadmin bash 1.1s 2018-05-30 T20:04:27Z 10.14.1.214[ssh]
System management
615