Manage user accounts and assign roles that limit access to operations on the device. RBAC allows you to define the rules for an assigned role that restrict the authorization that the user has to access management operations.

By default, the user account does not expire unless you explicitly configure it to expire. The expire option determines the

are reserved and cannot be used to configure users: bin, daemon, adm, lp, sync, shutdown, halt, mail, news, uucp, operator, games, gopher, ftp, nobody, nscd, mailnull, root, rpc, rpcuser, xfs, gdm, mtsuser, ftpuser, man, and sys.

Not displayed in the configuration files.

Usernames must begin with an alphanumeric character or an underscore (_), which is supported starting with Cisco NX-OS Release 7.0(3)I2(2), and can contain only these special characters: ( + =. If the username contains characters that are not allowed, the specified user is unable to log in.

Many consecutive characters (such as abcd)
Many repeating characters (such as aaabbb)

Clear text passwords cannot include these special characters at the beginning of the password: quotation marks (" or '), vertical bars (|), or right angle brackets (>).

Special characters, such as the dollar sign ($) or the percent sign (%), can be used in Cisco Nexus device passwords.

ASCII characters are supported in the password string if they are enclosed in

If a password is trivial (such as a short, easy-to-decipher password), the Cisco NX-OS software will reject your password configuration if password-strength checking is enabled.

Password as shown in the sample configuration. Passwords are case-sensitive.

Enabling Password-Strength Checking

User Roles

User roles contain rules that define the operations allowed for the user who is assigned the role.

Multiple rules, and each user can have multiple roles. For example, if role1 allows access only to configuration operations, and role2 allows access only to debug operations, then users who belong to both role1 and role2 can access configuration and debug operations. You can also limit access to specific virtual routing and forwarding instances (VRFs), VLANs, and interfaces.

The Cisco NX-OS software provides the following user roles:

network-admin: Complete read-and-write access to the entire Cisco NX-OS device
network-operator or vdc-operator: Complete read access to the entire Cisco NX-OS device

The Cisco Nexus 9000 Series switches support a single VDC due to which the vdc-admin has the same privileges and limitations

The Cisco Nexus 9000 Series switches do not support multiple VDCs; however, the vdc-operator role is available and has the same privileges and limitations as the network-operator role.

Some show commands may be hidden from network-operator users. In addition, some non-show commands (such as telnet) may be available for this user role.

By default, the user accounts without an administrator role can access only the show, exit, end, and configure terminal commands. You can add rules to allow users to configure features.

If you belong to multiple roles, you can execute a combination of all the commands permitted by these roles.

Takes priority over being denied access to a command. For example, suppose a user has RoleA, which denied access to the configuration commands. However, the user also has RoleB, which has access to the configuration commands. In this case, the user has access

basic element of a role. A rule defines what operations the role allows the

You can apply rules for the following parameters:

Group of commands defined in a regular expression.

feature, and feature group parameters create a hierarchical relationship. The most basic control parameter is the command. The next control parameter is the feature, which represents all commands associated with the feature. The last control parameter is the feature group. The feature group combines related features and allows you to easily manage the rules. The software also supports the predefined feature group L3 that you can use.

You can configure a read-only or read-and-write rule for an SNMP OID.

The user-specified rule number determines the order

For example, if a role has three rules, rule 3 is applied before rule 2, which is

Shows the licensing requirements for this feature:

Accounts and RBAC require no license.
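When auditing accounts it is easy to miss that a deny in one role does not restrict a user who also holds a role that permits the same command, as in the RoleA/RoleB case on this page. The Python sketch below is an added example, not Cisco code: the role contents, regular expressions and function names are constructed, stopping at the first matching rule inside a role is an assumption of the model, and the default commands available to every account are not modelled.

```python
import re

# Constructed sample roles: {role: {rule_number: (action, command_regex)}}.
ROLES = {
    "RoleA": {
        3: ("deny", r"configure( .*)?"),
        2: ("deny", r"show running-config"),
        1: ("permit", r"show .*"),
    },
    "RoleB": {1: ("permit", r"configure( .*)?")},
}


def role_decision(rules, command):
    """Return 'permit', 'deny' or None (no rule matches) for a single role.

    Rules are tried from the highest number down, so rule 3 is tried before
    rule 2. Stopping at the first match is an assumption of this sketch.
    """
    for number in sorted(rules, reverse=True):
        action, pattern = rules[number]
        if re.fullmatch(pattern, command):
            return action
    return None


def user_can_run(roles, assigned, command):
    """A permit from any assigned role wins over a deny from another role."""
    return any(role_decision(roles[r], command) == "permit" for r in assigned)


def overridden_denies(roles, assigned, commands):
    """Audit helper: (command, denying_role, permitting_role) for every deny
    that another of the user's roles cancels out."""
    findings = []
    for command in commands:
        decisions = {r: role_decision(roles[r], command) for r in assigned}
        for denier, d in decisions.items():
            if d != "deny":
                continue
            for permitter, p in decisions.items():
                if p == "permit":
                    findings.append((command, denier, permitter))
    return findings


if __name__ == "__main__":
    checks = ["configure terminal", "show running-config", "show version"]
    for hit in overridden_denies(ROLES, ["RoleA", "RoleB"], checks):
        print("deny in %s is overridden by permit in %s for %r" % (hit[1], hit[2], hit[0]))
```

Running the audit over each user's assigned roles shows which denies have no effect for that user, so the restriction can be moved into every role the user holds or the extra role removed.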