This section provides information to configure security and configuration examples of configuration tasks.
To implement security features, configure the following components:
management access filters
profiles
user access parameters
password management parameters
enable RADIUS and/or TACACS+:
one to five RADIUS and/or TACACS+ servers
RADIUS and/or TACACS+ parameters
The following are sample default values for security parameters.
A:ALA-1>config>system>security# info detail
----------------------------------------------
no hash-control
telnet-server
no telnet6-server
no ftp-server
management-access-filter
exit
profile "default"
default-action none
no li
entry 10
no description
match ‟exec”
action permit
...
password
authentication-order radius tacplus local
no aging
minimum-length 6
attempts 3 time 5 lockout 10
complexity
exit
user "admin"
password "./3kQWERTYn0Q6w" hash
access console
no home-directory
no restricted-to-home
console
no login-exec
no cannot-change-password
no new-password-at-login
member "administrative"
exit
exit
snmp
view iso subtree 1
mask ff type included
exit
...
access group snmp-ro security-model snmpv1 security-level no-auth-no
privacy read no-security notify no-security
access group snmp-ro security-model snmpv2c security-level no-auth-no
privacy read no-security notify no-security
access group snmp-rw security-model snmpv1 security-level no-auth-no
privacy read no-security write no-security notify no-security
access group snmp-rw security-model snmpv2c security-level no-auth-no
privacy read no-security write no-security notify no-security
access group snmp-rwa security-model snmpv1 security-level no-auth-no
privacy read iso write iso notify iso
access group snmp-rwa security-model snmpv2c security-level no auth-no
privacy read iso write iso notify iso
access group snmp-trap security-model snmpv1 security-level no-auth-no
privacy notify iso
access group snmp-trap security-model snmpv2c security-level no-auth-no
privacy notify iso
access group cli-readonly security-model snmpv2c security-level
no-auth-no-privacy read iso notify iso
access group cli-readwrite security-model snmpv2c security-level
no-auth-no-privacy read iso write iso notify iso
attempts 20 time 5 lockout 10
exit
no ssh