Verifying Context-Level Administrative User Configuration - Cisco ASR 5000 Series Administration Manual
Staros release 21.4
Hide thumbs
Also See for ASR 5000 Series:
- Product overview (992 pages) ,
- Installation manual (317 pages) ,
- Administration manual (234 pages)
Table of Contents
Advertisement
Configuring Context-level Administrative Users
• Only administrators with li-administration privilege can see Lawful Intercept CLI commands in the
output of the show configuration command.
• Executing the save configuration command will automatically encrypt Lawful Intercept CLI configuration
commands.
• When loading a saved configuration file via CLI command (for example, configure <url>), encrypted
Lawful Intercept CLI commands will be decrypted and executed only for an administrator with LI
privilege. For an administrator without LI privilege, encrypted Lawful Intercept CLI commands will
not be decrypted and executed.
• During a system boot wherein the boot config is loaded, encrypted Lawful Intercept configuration will
be decrypted and loaded silently, in other words Lawful Intercept CLI configuration will not be visible
on the console port.
• The Exec mode configure command now supports a keyword that allows an LI administrator to load
only encrypted Lawful Intercept configuration from a saved configuration file (for example, configure
encrypted <url>). The encrypted keyword can only be executed by an LI Administrator.
• If you are running a system with encrypted Lawful Intercept configuration (segregated LI), the output
of the show boot initial-config command contains a line indicating whether it needed to run the second
pass or not during the initial boot. This line displays "encrypted li" if the encrypted Lawful Intercept
configuration was processed. If the line reads "encrypted li errors" then the second pass was not successful,
or gave some output which was not expected or informational in nature.
• A user with li-administration privileges can view the boot config output for the encrypted Lawful Intercept
configuration with the show logs encrypted-li command.
For a detailed description of the Global Configuration mode require segregated li-configuration and associated
commands, see the Lawful Intercept CLI Commands appendix in the Lawful Intercept Configuration Guide.
The Lawful Intercept Configuration Guide is not available on www.cisco.com. Contact your Cisco account
Note
representative to obtain a copy of this guide.
In Release 21.4 and higher (Trusted builds only):
• Users can only access the system through their respective context interface.
• If the user attempts to log in to their respective context through a different context interface, that user
will be rejected.
• Irrespective of whether the users are configured in any context with 'authorized-keys' or 'allowusers',
with this feature these users will be rejected if they attempt to log in via any other context interface other
than their own context interface.
• Users configured in any non-local context are required to specify which context they are trying to log
in to. For example:
ssh username@ctx_name@ctx_ip_addrs
Verifying Context-level Administrative User Configuration
Verify that the configuration was successful by entering the following command:
show configuration context local
ASR 5500 System Administration Guide, StarOS Release 21.4
54
System Settings
Advertisement
Table of Contents
Troubleshooting
