password question

[gringabot]

Hi Guys,
New to OmniSwitch 6850 switches so very much a newbie and still learning about configuring the switches. I have searched the CLI reference but cannot find out the information i am looking for.
On the 6850 switch is it possible to have a different password for admin using console access and admin using telnet access?

Thanks

[benny]

Hi,

Welcome to AlcatelUnleashed.

The OS6850 offers very cool ways to integrate the authentication with TACACS/RADIUS/LDAP or ACE. It is not "directly" possible to set different passwords for console and the "rest" (ssh, telnet, ftp, ...).

There is the following way to do it:

aaa authentication console local

The command above will make sure that all login requests for the console port go the "local" user table.

aaa authentication ssh radius01 local

The command above will let the switch contact "radius01" for users which try to login (for application ssh). The local user table will only be queried if the radius server is not reachable.
Obviously you'll have to create a config line for that radius server, I'll let you open the documentation for that (Section 36, you can download it publicly through the link in my signature).
You can also set different radius servers for the various access methods (telnet, ssh, ftp, etc).

Since AOS 6.4.3.R01 it is also possible to restrict the access of a specific user e.g. "admin" to the console, this applies to local users as well as those authenticated via radius etc.

I recommend to have a look at the documentation.

-benny