Configuring Li Administrators; Verifying Context-Level Administrative User Configuration; Configuring Local-User Administrative Users - Cisco ASR 5000 Administration Manual
Staros release 21.1
Hide thumbs
Also See for ASR 5000:
- Installation manual (294 pages) ,
- Administration manual (159 pages) ,
- Installation procedure (8 pages)
Table of Contents
Advertisement
Configuring Local-User Administrative Users
Configuring LI Administrators
Important
Use the example below to configure a context-level LI administrator:
configure
context context_name
Verifying Context-level Administrative User Configuration
Verify that the configuration was successful by entering the following command:
show configuration context local
This command displays all of the configuration parameters you modified within the Local context during this
session. The following displays sample output for this command. In this example, a security administrator
named testadmin was configured.
config
context local
exit
port ethernet 24/1
exit
end
Configuring Local-User Administrative Users
The local user type supports ANSI T1.276-2003 password security protection. Local-user account information,
such as passwords, password history, and lockout states, is maintained in /flash. This information is saved
immediately in a separate local user database subject to AAA based authentication and is not used by the rest
of the system. As such, configured local-user accounts are not visible with the rest of the system configuration.
ASR 5000 System Administration Guide, StarOS Release 21.1
50
For security reasons, li-administration accounts must be restricted for use only with Lawful Intercept
(LI) functionality and not for general system administration. Only security administrators and administrators
can provision LI privileges. To ensure security in accordance with Law Enforcement Agency (LEA)
standards, LI administrative users must access the system using the Secure Shell (SSH) protocol only. LI
privileges can be optionally configured for use within a single context system-wide. For additional
information, see the Lawful Intercept Configuration Guide and
52.
administrator user_name { [ encrypted ] [ nopassword ] password password li-administrator}
end
interface mgmt1
ip address 192.168.1.10 255.255.255.0
#exit
subscriber default
#exit
administrator testadmin encrypted password fd01268373c5da85
inspector testinspector encrypted password 148661a0bb12cd59
bind interface mgmt1 local
System Settings
Provisioning Lawful Intercept, on page
Advertisement
Table of Contents
Troubleshooting
