Manuals / Brands / Computer Equipment / Network Router / Cisco Systems / Computer Equipment / Network Router

Cisco Systems Cisco IOS XR Creating and Modifying User Accounts and User Groups

1 222

Download 222 pages, 5.14 Mb

5-13

Cisco IOS XR Getting Started Guide

OL-10957-02

Chapter5 Configuring Additiona l Router Features

Creating and Modifying User Accounts and User Groups

Creating and Modifying User Accounts and User Groups

In the Cisco IOS XR software, users are assigned individual userna mes and passwords. Each username

is assigned to one or more user groups, each of which defines display and configuration commands the

user is authorized to execute. This authorization is enabled by default in the CiscoIOS XR software, and

each user must log in to the system using a unique username and password.

The following sections describe the basic commands used to configur e users and user groups. For a

summary of user accounts, user groups, and task IDs, see the “User Access Privileges” section on

page 4-13.

•Displaying Details About User Accounts, User Groups, and Task IDs, page 5-13

•Configuring User Accounts, page 5-14

Note The management of user accounts, user groups, and task IDs is part of the “AAA” feature in the

Cisco IOS XR software. AAA stands for “authentication, authorization, and accounting,” a suit e of

security features included in the CiscoIOS XR software. For more information on the AAA concepts

and configuration tasks, see Cisco IOS XR System Security Configuration Guide and Cisco IOS XR

System Security Command Reference. For instructions to activate software packages, see Cisco IOS XR

System Management Configuration Guide, Release 3.4.

Displaying Details About User Accounts, User Groups, and Task IDs

Table 5 -3 summarizes the EXEC mode commands used to display details about user accounts, user

groups, and task IDs.

Table5-3 Commands to Display Details About Users and User Groups

Command Description

show aaa userdb username Displays the task IDs and privileges assigned to a specific username. To display

all users on the system, enter the command without a username.

show aaa usergroup usergroup-name Displays the task IDs and privileges that belong to a user group. To display all

groups on the system, enter the command without a group name.

show task supported Displays all task IDs for the system. Only the root-system users, root-lr users, or

users associated with the WRITE:AAA task ID can configure task groups.

Contents

Main Cisco IOS XR Getting Started Guide Page CONTENTS Page Page Page Page Page Preface Changes to This Document About This Document Intended Audience Organization of the Document Related Documents Conventions Obtaining Documentation Cisco.com Product Documentation DVD Ordering Documentation Documentation Feedback Cisco Product Security Overview Reporting Security Problems in Cisco Products Product Alerts and Field Notices Obtaining Technical Assistance Cisco Technical Support & Documentation Website Submitting a Service Request Definitions of Service Request Severity Obtaining Additional Publications and Information Page Introduction to Cisco IOS XR Software Supported Standalone System Configurations Cisco CRS-1 Multishelf System Overview 1-3 Chapter1 Introduction to Cisco IOS XR Softwar e Cisco CRS-1 Multishelf System Overview Figure1-1 Single-FCC Multishelf System 1Cisco CRS-1 16-Slot Line Card Chassis (two 3Cisco Catalyst 6509 Switch (two suggested) 2Cisco CRS-1 Fabric Card Chassis (one required) 1-4 Chapter1 Introduction to Cisco IOS XR Software Cisco CRS-1 Multishelf System Overview Figure1-2 Two-FCC Multishelf System 1Cisco CRS-1 16-Slot Line Card Chassis (two 3Cisco Catalyst 6509 Switch (two suggested) 2Cisco CRS-1 Fabric Card Chassis (two required) Page Router Management Interfaces Command-Line Interface Craft Works Interface Extensible Markup Language API Simple Network Management Protocol Selecting and Identifying the Designated Shelf Controller Selecting and Identifying the DSC on Cisco CRS-1 Routers Selecting and Identifying the DSC on Cisco CRS-1 Multishelf Systems Selecting and Identifying the DSC on Cisco XR 12000 and 12000 Series R outers Connecting to the Router Through the Console Port 1-10 Figure1-4 Communication Ports on the RP for a Cisco CRS-1 16-Slot LCC RP 1-11 Figure1-5 Communication Ports on the RP for Cisco CRS-1 4-slot and 8-Slot LCCs 1-12 Figure1-6 Communication Ports on the PRP-2 for a Cisco XR 12000 Series Router To connect to the router, perform the following procedure. Page Page Bringing Up the Cisco IOS XR Software on a Standalone Router Prerequisites Software Requirements Hardware Prerequisites and Documentation Bringing Up and Configuring a Standalone Router Page Verifying the System After Initial Bring-Up Examples of show Commands 2-6 show environment Command In the following example, LED status of the nodes in a CiscoCRS-1 router is shown: 2-7 See the Cisco IOS XR Interface and Hardware Component Command Reference for more information. show platform Command Note SDRs are introduced in Chapter4, Configuri ng General Router Features. The following administration EXEC mode sample output displays all router nodes: Page Bringing Up the Cisco IOS XR Software on a Multishelf System Prerequisites Software Requirements Hardware Requirements Restrictions Information About Bringing Up a Multishelf System Bringup Overview Preparing a Rack Number Plan 3-4 Chapter3 Bringing Up the Cisco IOS XR Software on a Multishelf System DSC Fabric Cards Table 3 -2 shows a sample rack number plan for a two-FCC system. Page 3-6 Chapter3 Bringing Up the Cisco IOS XR Software on a Multishelf System 129761, 781-00375-01 Figure3-2 Location of the Serial Number on a Fabric Card Chassis SN: XXXNNNNXXXX 3-7 Chapter3 Bringing Up the Cisco IOS XR Sof tware on a Multishelf System SN: AAANNNNXXXX Management Configuration Guide, Release 3.4. Figure3-3 Location of the Serial Number on a Line Card Chassis Configuring the External Cisco Catalyst 6509 Switches Prerequisites Software Requirements Hardware Requirements Restrictions Before You Begin Information About the Catalyst Switch Configuration Configuring the Catalyst Switches Page Page Example: Single-FCC Multishelf System Configuration 3-15 Example: Four-FCC Multishelf System Configuration 3-16 3-17 Verifying the Catalyst Switch Verify the Interface Status Verify Communication Between the Catalyst Switch and an LCC or FCC Verify that the Links are Not Unidirectional Integrated Switch System Prerequisites for an Integrated Switch System Software Requirements Hardware Requirements Restrictions for an Integrated Switch System Before You Begin Information About the Integrated Switch Implementation Integrated Switch Overview Integrated Switch Functions Integrated Switch Control Network Topology LED Definitions for the Integrated Switch System Implementing the Integrated Switch System Implementing the Integrated Switch Through ROMMON Implementing the Integrated Switch in Cisco IOS XR Assigning a Bridge Priority Booting Up the Integrated Switch Network Reenabling the Ports Verifying the Connections of the Integrated Switch Control Network Verifying the Control Ethernet Connection 3-26 Verifying the Port Statistics Verifying Bidirectionality Verifying Unidirectional Link Detection (UDLD) Protocol Information Verifying Spanning Tree Protocol Information Bringing Up and Configuring Rack 0 Page Page Example: Configuring and Verifying the Rack Numbers in a Single-FCC Multishelf System 3-32 Example: Mapping Each Fabric Plane in a Single-FCC Multishelf System Example: Mapping Each Fabric Plane in a Two-FCC Multishelf System The following display is an example of a configuration for a two-FCC multishelf system: 3-33 Example: Mapping Each Fabric Plane in a Four-FCC Multishelf System Bringing Up and Verifying FCCs Page Verify That All Fabric Planes Are Ready to Handle Data 3-37 show controllers fabric connectivity all detail Bringing Up and Verifying the Non-DSC LCC Page Verifying the Spanning Tree Verify That the FCCs and Non-DSC LCC Are Communicating with the DSC 3-41 Verify the Spanning Tree For each RP and SCGE card in the system, verify that: 3-42 3-43 Verifying Fabric Cabling Connections Page 3-45 J0 Figure 3-5 Optical Interface Module LED Panel (Part CRS-FCC-LED) J0 J1 J2 A0 A1 A2 8 4 J0 J1 J2 OIM0 J0 J1 J2 Page Page Configuring General Router Features Secure Domain Routers Connecting and Communicating with the Router RP 4-4 Figure4-2 Communication Ports on the RP for a Cisco CRS-1 4-Slot and 8-Slot LCCs 4-5 Figure4-3 Communication Ports on the DRP PLIM Figure4-4 Communication Ports on the PRP-2 for a Cisco XR 12000 Series Router 4-6 The following sections describe three ways to connect to a DSC or DSDRSC: Establishing a Connection Through the Console Port Page Establishing a Connection Through a Terminal Server Page Establishing a Connection Through the Management Ethernet Interface Logging In to a Router or an SDR CLI Prompt User Access Privileges User Groups, Task Groups, and Task IDs Predefined User Groups Displaying the User Groups and Task IDs for Your User Account 4-15 To display your username, enter the show user command: Table4-3 Options to Display Information About Your Account (continued) Command Description 4-16 To display the user groups assigned to your user account, enter the show user group command: To display the rights assigned to a user group, enter the show aaa usergroup group-name command : 4-17 Navigating the Cisco IOS XR Command Modes Identifying the Command Mode in the CLI Prompt Summary of Common Command Modes Page Entering EXEC Commands from a Configuration Mode Command Mode Navigation Example Managing Configuration Sessions Displaying the Active Configuration Sessions Starting a Configuration Session Starting an Exclusive Configuration Session Displaying Configuration Details with show Commands Displaying the Running Configuration 4-27 Displaying a Sanitized Version of the Running Configuration 4-29 Displaying the Target Configuration Displaying a Combined Target and Running Configuration Displaying Configuration Error Messages and Descriptions Displaying Configuration Error Messages Without Descriptions Displaying Configuration Error Messages Produced While Loading a Configuration Saving the Target Configuration to a File Loading the Target Configuration from a File Loading an Alternative Configuration at System Startup Clearing All Changes to a Target Configuration Committing Changes to the Running Configuration Page Reloading a Failed Configuration Exiting a Configuration Submode Returning Directly to Configuration Mode from a Submode Ending a Configuration Session Aborting a Configuration Session Configuring the SDR Hostname Configuring the Management Ethernet Interface Specifying the Management Ethernet Interface Name in CLI Commands Displaying the Available Management Ethernet Interfaces Configuring the Management Ethernet Interface Prerequisites Page 4-43 Command or Action Purpose Step8 Displays the interface details to verify the settings. slot Manually Setting the Router Clock Page Page Configuring Additional Router Features Configuring the Domain Name and Domain Name Server Configuring Telnet, HTTP, and XML Host Services Prerequisites Managing Configuration History and Rollback Displaying the CommitIDs Displaying the Configuration Changes Recorded in a CommitID Previewing Rollback Configuration Changes Rolling Back the Configuration to a Specific Rollback Point Rolling Back the Configuration over a Specified Number of Commits Loading CommitID Configuration Changes to the Target Configuration Loading Rollback Configuration Changes to the Target Configuration Deleting CommitIDs Configuring Logging and Logging Correlation Logging Locations and Severity Levels Alarm Logging Correlation Configuring Basic Message Logging Page Disabling Console Logging Creating and Modifying User Accounts and User Groups Displaying Details About User Accounts, User Groups, and Task IDs Configuring User Accounts Creating Users and Assigning Groups Page Configuration Limiting Static Route Configuration Limits IS-IS Configuration Limits OSPFv2 and v3 Configuration Limits Maximum Interfaces for Each OSPF Instance 5-19 The following example configures the maximum interface limit on a router: Maximum Routes Redistributed into OSPF Number of Parallel Links (max-paths) BGP Configuration Limits Routing Policy Language Line and Policy Limits 5-22 Multicast Configuration Limits MPLS Configuration Limits Other Configuration Limits CLI Tips, Techniques, and Shortcuts CLI Tips and Shortcuts Entering Abbreviated Commands Using the Question Mark (?) to Display On-Screen Command Help 6-3 the command: that apply to the keyword and brief explanations: Step3 Enter the deny option and a question mark to see more command options: Generally, uppercase letters represent variables (arguments). Completing a Partial Command with the Tab Key Identifying Command Syntax Errors Using the no Form of a Command Editing Command Lines that Wrap Displaying System Information with show Commands Common show Commands Browsing Display Output when the --More-- Prompt Appears Halting the Display of Screen Output Redirecting Output to a File Narrowing Output from Large Configurations Limiting show Command Output to a Specific Feature or Interface 6-9 Using Wildcards to Display All Instances of an Interface Filtering show Command Output Adding a Filter at the --More-- Prompt Wildcards, Templates, and Aliases Using Wildcards to Identify Interfaces in show Commands Example 6-12 In the following example, the state of all POS interfaces is displayed: Creating Configuration Templates Page Applying Configuration Templates Aliases Keystrokes Used as Command Aliases Command History Displaying Previously Entered Commands Recalling Previously Entered Commands Recalling Deleted Entries Redisplaying the Command Line Key Combinations Key Combinations to Move the Cursor Keystrokes to Control Capitalization Keystrokes to Delete CLI Entries Transposing Mistyped Characters Page Troubleshooting the Cisco IOS XR Software Additional Sources for Information Basic Troubleshooting Commands Using show Commands to Display System Status and Configuration Using the ping Command Using the traceroute Command Using debug Commands Displaying a List of Debug Features Enabling Debugging for a Feature Displaying Debugging Status Disabling Debugging for a Service Disabling Debugging for All Services Started at the Active Terminal Session Disabling Debugging for All Services Started at All Terminal Sessions Configuration Error Messages Configuration Failures During a Commit Operation Configuration Errors at Startup Memory Warnings in Configuration Sessions Understanding Low-Memory Warnings in Configuration Sessions WARNING! MEMORY IS IN MINOR STATE ERROR! MEMORY IS IN SEVERE (or CRITICAL) STATE Displaying System Memory Information Removing Configurations to Resolve Low-Memory Warnings Clearing a Target Configuration Removing Committed Configurations to Free System Memory Rolling Back to a Previously Committed Configuration Clearing Configuration Sessions Contacting TAC for Additional Assistance Interfaces Not Coming Up Verifying the System Interfaces 7-14 Note Line cards in Cisco CRS-1 routers are called modular services cards (MSCs). The show platform 7-15 following tasks: a. Verify that the status of the interface is Shutdown: b. Bring the interface up with the following commands: Step7 Verify again that the interface is up by entering the show ipv4 interface brief command: 7-16 APPENDIX A Understanding Regular Expressions, Special Characters, and Patterns Regular Expressions Special Characters Character Pattern Ranges Multiple-Character Patterns Complex Regular Expressions Using Multipliers Pattern Alternation Anchor Characters Underscore Wildcard Parentheses Used for Pattern Recall Page Page GLOSSARY A B C D E F G H I K L M N O P Q R S T U V W X Page INDEX Symbols A B C Page D E F G H I K M N O P R S T U W X