Obscuring Passwords and KeysBy default, the service password-encryption command stores encrypted passwords. For greater security, you can also use theservice obscure-passwords command to prevent a user from reading the passwords and keys, including RADIUS, TACACS+ keys,router authentication strings, VRRP authentication by obscuring this information. Passwords and keys are stored encrypted in theconfiguration file and by default are displayed in the encrypted form when the configuration is displayed. Enabling the serviceobscure-passwords command displays asterisks instead of the encrypted passwords and keys. This command prevents a user fromreading these passwords and keys by obscuring this information with asterisks.Password obscuring masks the password and keys for display only but does not change the contents of the file. The string of asterisks isthe same length as the encrypted string for that line of configuration. To verify that you have successfully obscured passwords and keys,use the show running-config command or show startup-config command.If you are using role-based access control (RBAC), only the system administrator and security administrator roles can enable the serviceobscure-password command.To enable the obscuring of passwords and keys, use the following command.• Turn on the obscuring of passwords and keys in the configuration.CONFIGURATION modeservice obscure-passwordsExample of Obscuring Password and KeysDell(config)# service obscure-passwordsAAA AuthorizationDell Networking OS enables AAA new-model by default.You can set authorization to be either local or remote. Different combinations of authentication and authorization yield different results.By default, Dell Networking OS sets both to local.Privilege Levels OverviewLimiting access to the system is one method of protecting the system and your network. However, at times, you might need to allow othersaccess to the router and you can limit that access to a subset of commands. In Dell Networking OS, you can configure a privilege level forusers who need limited access to the system.Every command in Dell Networking OS is assigned a privilege level of 0, 1, or 15. You can configure up to 16 privilege levels in DellNetworking OS. Dell Networking OS is pre-configured with three privilege levels and you can configure 13 more. The three pre-configuredlevels are:• Privilege level 1 — is the default level for EXEC mode. At this level, you can interact with the router, for example, view some showcommands and Telnet and ping to test connectivity, but you cannot configure the router. This level is often called the “user” level. Oneof the commands available in Privilege level 1 is the enable command, which you can use to enter a specific privilege level.• Privilege level 0 — contains only the end, enable, and disable commands.• Privilege level 15 — the default level for the enable command, is the highest level. In this level you can access any command in DellNetworking OS.Privilege levels 2 through 14 are not configured and you can customize them for different users and access.798 Security