ASR 5500 System Administration Guide, StarOS Release 21.5
System Settings

Important
Use of the noconsole or novty keywords is only supported on the new local-user database format. If you have not run update local-user database, you should do so before enabling these keywords. Otherwise, noconsole and novty keywords will not be saved in the local-user database. After a system reboot, all users will still be able to access the Console and vty lines. For additional information, see Updating and Downgrading the local-user Database, on page 38.

Important
This command does not apply for a Trusted build because the local-user database is unavailable.

Limit Console Access for AAA-based Users

AAA-based users normally log in through a vty line. However, you may want to limit a few users to accessing just the Console line. If you do not use the local-user database (or you are running a Trusted build), this needs to be done by limiting access to the Console line for other AAA-based users. Enable the noconsole keyword for all levels of admin users that will not have access to the Console line.

The noconsole keyword is available for the Context Configuration mode commands shown below.

configure
   context <ctx_name>
      administrator <username> { encrypted | nopassword | password } noconsole
      config-administrator <username> { encrypted | nopassword | password } noconsole
      inspector <username> { encrypted | nopassword | password } noconsole
      operator <username> { encrypted | nopassword | password } noconsole
      exit

The noconsole keyword disables user access to the Console line. By default noconsole is not enabled, thus all AAA-based users can access the Console line.

Important
The local-user allow-aaa-authentication noconsole command takes precedence. When it is configured, no AAA-based user can access the Console line.

Verify Configuration Changes

You can verify changes related to the separation of authentication methods with the Exec mode show configuration command. After saving the configuration changes, run show configuration | grep noconsole and show configuration | grep novty. The output of these commands will indicate any changes you have made.

Configuring a Chassis Key

A chassis key should be configured for each system. This key is used to decrypt encrypted passwords found in configuration files.
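The grep check under Verify Configuration Changes lists only the lines that carry noconsole; an audit usually needs the opposite, the admin users that lack it. The following Python script is an added example, not Cisco's code: the function names and the sample configuration are constructed for illustration, and it assumes each user command sits on a single line below its context line in a saved configuration.

```python
# Added example: find context-level admin users that can still reach the Console line.
ADMIN_COMMANDS = {"administrator", "config-administrator", "inspector", "operator"}
OVERRIDE = ["local-user", "allow-aaa-authentication", "noconsole"]

def audit_console_access(config_text):
    """Return (override_set, exposed); exposed lists the
    (context, command, username) entries defined without noconsole."""
    override_set = False
    context = None
    exposed = []
    for line in config_text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[:3] == OVERRIDE:
            override_set = True      # takes precedence over per-user keywords
        elif tokens[0] == "context" and len(tokens) > 1:
            context = tokens[1]      # user commands below belong to this context
        elif tokens[0] in ADMIN_COMMANDS and len(tokens) > 1 and context:
            # tokens[1] is the username; the keyword can only follow it
            if "noconsole" not in tokens[2:]:
                exposed.append((context, tokens[0], tokens[1]))
    return override_set, exposed

def console_reachable(config_text):
    """Users that can log in on the Console line once precedence is applied."""
    override_set, exposed = audit_console_access(config_text)
    return [] if override_set else exposed

# Constructed sample, not output from a real system.
SAMPLE_CONFIG = """\
configure
  context local
    administrator alice encrypted password EXAMPLE-PLACEHOLDER noconsole
    config-administrator bob encrypted password EXAMPLE-PLACEHOLDER
    inspector carol encrypted password EXAMPLE-PLACEHOLDER noconsole
  exit
  context billing
    operator dave encrypted password EXAMPLE-PLACEHOLDER
  exit
end
"""

if __name__ == "__main__":
    for ctx, cmd, user in console_reachable(SAMPLE_CONFIG):
        print(f"context {ctx}: {cmd} {user} has no noconsole keyword")
```
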