mgmt-auth

This command configures various management settings.

Syntax

(config-system)# mgmt-auth 
(mgmt-auth)# 

Command

Description

default-access-level {no-access|monitor|administrator|security-administrator}

Defines the device's default access level when the LDAP/RADIUS response doesn't include an access level attribute for determining the user's management access level.

local-cache-mode {absolute-expiry-timer|reset-expiry-upon-access}

Defines the password's local cache timeout to reset after successful authorization.

local-cache-timeout

Defines the locally stored login password's expiry time, in seconds. When expired, the request to the Authentication server is repeated.

obscure-password-mode {off|on}

Enables the device to enforce obscured (i.e., encrypted) passwords whenever you create a new management user or modify the password of an existing user (Local Users table) through CLI (configure system > user). For more information, see the command configure system > user > password.

oauth-web-login [disable| enable-with-local|enable-without-local}

Enables user login authentication based on OAuth 2.0.

timeout-behavior {VerifyAccessLocally|deny-access}

Defines the device to search in the Local Users table if the Authentication server is inaccessible.

use-local-users-db {always|always-before-auth-server|when-no-auth-server}

Defines when to use the Local Users table in addition to the Authentication server.

Command Mode

Privileged User

Example

This example configures the device's default access level when no access level is received in the RADIUS response:

(config-system)# mgmt-auth 
(mgmt-auth)# default-access-level no-access