mgmt-auth
This command configures various management settings.
Syntax
(config-system)# mgmt-auth (mgmt-auth)#
|
Command |
Description |
|---|---|
|
default-access-level {no-access|monitor|administrator|security-administrator} |
Defines the device's default access level when the LDAP/RADIUS response doesn't include an access level attribute for determining the user's management access level. |
|
local-cache-mode {absolute-expiry-timer|reset-expiry-upon-access} |
Defines the password's local cache timeout to reset after successful authorization. |
|
local-cache-timeout |
Defines the locally stored login password's expiry time, in seconds. When expired, the request to the Authentication server is repeated. |
|
obscure-password-mode {off|on} |
Enables the device to enforce obscured (i.e., encrypted) passwords whenever you create a new management user or modify the password of an existing user (Local Users table) through CLI (configure system > user). For more information, see the command configure system > user > password. |
|
oauth-web-login [disable| enable-with-local|enable-without-local} |
Enables user login authentication based on OAuth 2.0. |
|
timeout-behavior {VerifyAccessLocally|deny-access} |
Defines the device to search in the Local Users table if the Authentication server is inaccessible. |
|
use-local-users-db {always|always-before-auth-server|when-no-auth-server} |
Defines when to use the Local Users table in addition to the Authentication server. |
Command Mode
Privileged User
Example
This example configures the device's default access level when no access level is received in the RADIUS response:
(config-system)# mgmt-auth (mgmt-auth)# default-access-level no-access