Configuring Context-Level Administrative Users - Cisco ASR 5000 Series Administration Manual
Staros release 21.4
Hide thumbs
Also See for ASR 5000 Series:
- Product overview (992 pages) ,
- Installation manual (317 pages) ,
- Administration manual (234 pages)
Table of Contents
Advertisement
System Settings
If you attempt to create a user name that does not adhere to these standards, you will receive the following
message: "Invalid character; legal characters are
"0123456789.-_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".
Configuring Context-level Administrative Users
This user type is configured at the context-level and relies on the AAA subsystems for validating user names
and passwords during login. This is true for both administrative user accounts configured locally through a
configuration file or on an external RADIUS or TACACS+ server. Passwords for these user types are assigned
once and are accessible in the configuration file.
This section contains information and instructions for configuring context-level administrative user types.
It is possible to configure the maximum number of simulations CLI sessions on a per account or per
authentication method basis. It will protect certain accounts that may have the ability to impact security
configurations and attributes or could adversely affect the services, stability and performance of the system.
The maximum number of simultaneous CLI sessions is configurable when attempting a new Local-User login
and a new AAA context-based login. If the maximum number of sessions is set to 0, then the user is
authenticated regardless of the login type. When the CLI task starts, a check is complete to identify the count.
In this case, the CLI determines that the sessions for that user is 1 which is greater than 0 and it will display
an error message in the output, it generate starCLIActiveCount and starCLIMaxCount SNMP MIB Objects
and starGlobalCLISessionsLimit and starUserCLISessionsLimit SNMP MIB Alarms.
The max-sessions keyword for the local-user username Global Configuration Mode command configures
the maximum number of simultaneous sessions available for a local user.
The max-sessions Context Configuration Mode command allows administrative users to configure the
maximum simultaneous sessions allowed for corresponding users.
Refer to the Command Line Interface Reference for detailed information about these commands.
Configuring Context-level Security Administrators
Use the example below to configure additional security administrators:
configure
context local
Notes:
• Additional keyword options are available that identify active administrators or place time thresholds on
• The nopassword option allows you to create an administrator without an associated password. Enable
Save the configuration as described in the Verifying and Saving Your Configuration chapter.
administrator user_name { [ encrypted ] [ nopassword ] password password }
end
the administrator. Refer to the Command Line Interface Reference for more information about the
administrator command.
this option when using ssh public keys (authorized key command in SSH Configuration mode) as a
sole means of authentication. When enabled this option prevents someone from using an administrator
password to gain access to the user account.
Configuring Context-level Administrative Users
ASR 5500 System Administration Guide, StarOS Release 21.4
51
Advertisement
Table of Contents
Troubleshooting
