User Name Character Restrictions; Configuring Context-Level Administrative Users; Configuring Context-Level Security Administrators - Cisco ASR 5500 System Administration Manual

System Settings
Important

User Name Character Restrictions

User names can only contain alphanumeric characters (a-z, A-Z, 0-9), hyphen, underscore, and period. The
hyphen character cannot be the first character. This applies to AAA user names as well as local user names.
If you attempt to create a user name that does not adhere to these standards, you will receive the following
message: "Invalid character; legal characters are
"0123456789.-_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".

Configuring Context-level Administrative Users

This user type is configured at the context-level and relies on the AAA subsystems for validating user names
and passwords during login. This is true for both administrative user accounts configured locally through a
configuration file or on an external RADIUS or TACACS+ server. Passwords for these user types are assigned
once and are accessible in the configuration file.
This section contains information and instructions for configuring context-level administrative user types.
It is possible to configure the maximum number of simulations CLI sessions on a per account or per
authentication method basis. It will protect certain accounts that may have the ability to impact security
configurations and attributes or could adversely affect the services, stability and performance of the system.
The maximum number of simultaneous CLI sessions is configurable when attempting a new Local-User login
and a new AAA context-based login. If the maximum number of sessions is set to 0, then the user is
authenticated regardless of the login type. When the CLI task starts, a check is complete to identify the count.
In this case, the CLI determines that the sessions for that user is 1 which is greater than 0 and it will display
an error message in the output, it generate starCLIActiveCount and starCLIMaxCount SNMP MIB Objects
and starGlobalCLISessionsLimit and starUserCLISessionsLimit SNMP MIB Alarms.
The max-sessions keyword for the local-user username Global Configuration Mode command configures
the maximum number of simultaneous sessions available for a local user.
The max-sessions Context Configuration Mode command allows administrative users to configure the
maximum simultaneous sessions allowed for corresponding users.
Refer to the Command Line Interface Reference for detailed information about these commands.

Configuring Context-level Security Administrators

Use the example below to configure additional security administrators:
configure
context local
Notes:
For information on the differences between these user privileges and types, refer to Getting Started.
administrator user_name { [ encrypted ] [ nopassword ] password password }
end
User Name Character Restrictions
ASR 5500 System Administration Guide, StarOS Release 21.5
33