Configuring System Administrative Users - Cisco ASR 5000 Series Administration Manual
Staros release 21.4
Hide thumbs
Also See for ASR 5000 Series:
- Product overview (992 pages) ,
- Installation manual (317 pages) ,
- Administration manual (234 pages)
Table of Contents
Advertisement
Configuring System Administrative Users
Configuring System Administrative Users
This section describes some of the security features that allow security administrators to control user accounts.
Limiting the Number of Concurrent CLI Sessions
Security administrators can limit the number of concurrent interactive CLI sessions. Limiting the number of
concurrent interactive sessions reduces the consumption of system-wide resources. It also prevents a user
from potentially accessing sensitive user in formation which is already in use.
Most privileged accounts do not require multiple concurrent logins.
Important
Security administrators can limit the number of concurrent interactive CLI sessions with three different ways
depending on the authentication method which his used for that particular user account.
StarOS supports three login authentication methods:
• TACACS+ Server users
• Local-User users
• AAA Context users
For additional information on configuring the maximum number of sessions for TACACS+ Server users, see
Operation. For additional information on configuring the maximum number of sessions for Local-User users
and AAA context users, see
Each authentication method must be configured separately because each of the three authentication methods
can use the same user name.
Automatic Logout of CLI Sessions
Security administrators can configure an automatic logout of certain user accounts. Limiting the number of
minutes that an interactive CLI session can be in use reduces the consumption of system-wide resources. It
also prevents a user from potentially accessing a user account in a terminal window which is left idle. All
authentication methods described in this section support both the idle session timeout technique and the
absolute session timeout technique.
Most privileged accounts do not require an indefinite login timeout limit.
Important
The idle timeout and session timeout fields in the show tacacs summary and show tacacs session id commands
allow administrators to configure an automatic logout of certain accounts.
Session Timeout: allows a security administrator to specify the maximum amount of minutes that a user can
be logged in to a session before the session is automatically disconnected.
ASR 5500 System Administration Guide, StarOS Release 21.4
26
Configuring the maximum number of sessions is recommended for all privileged accounts.
Configuring Context-level Administrative
Configuring the session timeout is strongly recommended for all privileged accounts.
Getting Started
Users.
Advertisement
Table of Contents
Troubleshooting
