Chapter 3 Configuring General Router Features

Logging In to a Router

F I N A L D R A F T — C i s c o C o n f i d e n t i a l

For example, the following prompt indicates that the CLI commands are executed on the RP in rack 0, slot RSP0, by the “CPU0” module on a router named “router:”

RP/0/RSP0/CPU0:router#

User Access Privileges

When you log in to the router, your username and password are used to determine if you are authorized to access the router. After you successfully log in, your username is used to determine which commands you are allowed to use. The following sections provide information on how the router determines which commands you can use:

User Groups, Task Groups, and Task IDs, page 3-7

Predefined User Groups, page 3-8

Viewing Your User Groups and Task IDs, page 3-8

User Groups, Task Groups, and Task IDs

The Cisco IOS XR software ensures security by combining tasks a user wants to perform (task IDs) into groups, defining which router configuration and management functions users can perform. This policy is enabled by the definition of:

User groups—A collection of users that share similar authorization rights on a router.

Task groups—Defined by a collection of task IDs for each class of action.

Task IDs—Define permission to perform particular tasks; pooled into a task group that is then assigned to users.

The commands each user can perform are defined by the user groups to which he or she belongs. Commands for a particular feature, like access control lists, are assigned to tasks. Each task is uniquely identified by a task ID. If a user wants to use a particular command, his or her username must be associated with the appropriate task ID. The association between a username and a task ID takes place through two intermediate entities, the user group and task group.

The user group is a logical container used to assign the same task IDs to multiple users. Instead of assigning task IDs to each user, assign them to the user group. Then assign users to that user group. When a task is assigned to a user group, define the access rights for the commands associated with that task. These rights include “read,” “write,” “execute,” and “notify.”

The task group is also a logical container, but it groups tasks. Instead of assigning task IDs to each user group, you assign them to a task group. This allows you to quickly enable access to a specific set of tasks by assigning a task group to a user group. Users are not assigned to groups by default and must be explicitly assigned by an administrator.

Note Only root-system users (root-lr users) or users associated with the WRITE:AAA task ID can configure task groups.

Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide

 

OL-17502-01

3-7

 

 

 

Page 43
Image 43
Cisco Systems A9K24X10GETR, ASR 9000, A9KMOD80TR manual User Access Privileges, User Groups, Task Groups, and Task IDs

A9KMOD80TR, A9K24X10GETR, ASR 9000 specifications

Cisco Systems has long been a leader in networking technology, providing cutting-edge solutions for service providers and enterprise organizations alike. Among their standout products is the Cisco ASR 9000 Series Aggregation Services Routers, notably the A9K24X10GETR and the A9KMOD80TR models. These routers are engineered to deliver unmatched performance, scalability, and versatility for networks that require high bandwidth and low latency.

The Cisco ASR 9000 Series is built for the needs of today's complex service provider and enterprise networks. A significant feature of the A9K24X10GETR is its 24-port 10-Gigabit Ethernet module. This functionality allows for high-density connectivity, making it ideal for aggregating numerous connections to different parts of a network while maintaining optimal performance. Whether used for Internet service providers delivering high-speed connectivity or for enterprises looking to connect multiple branches, the A9K24X10GETR provides robust and reliable data transmission.

Further enhancing the capabilities of the ASR 9000 is the A9KMOD80TR module, which supports an extensive range of services. This module is designed to run a variety of technologies, including Layer 2 and Layer 3 services, MPLS (Multiprotocol Label Switching), and IPv6. Its ability to integrate seamlessly into existing infrastructures while providing the advanced features customers demand makes it an invaluable asset for network engineering teams.

Another cutting-edge technology present in the ASR 9000 Series is its support for eBGP (External Border Gateway Protocol), which plays a critical role in managing traffic across multiple networks. The routers are equipped with advanced telemetry features, empowering operators with real-time insights into network performance and health. Additionally, they come with integrated security features that protect against DDoS threats and other vulnerabilities.

In summary, Cisco's ASR 9000 Series, particularly the A9K24X10GETR and A9KMOD80TR, combines high-density connections, extensive service support, and advanced security and telemetry capabilities. These routers are perfect for demanding environments where reliable performance and adaptability are crucial. With their focus on innovation and performance, Cisco continues to shape the future of networking technology.