Users and Access Privileges
Access privileges to the BTI7800 are managed by associating a user with an access group. The group defines the access privilege level for a user.
The BTI7800 creates a default user admin that has full system access privileges. The purpose of the default user is to allow first time access to the BTI7800 for initial system connectivity and configuration tasks. The user admin cannot be deleted.
For security purposes, once you complete initial configuration tasks, you should change the admin user password. It is also recommended that you create new users with full (superuser) access privileges instead of continuing to use the admin user to manage your system.
Do not forget the passwords to your superuser accounts. If you forget the passwords to all of your superuser accounts, you will need to recommission the system in order to regain superuser access.
The BTI7800 supports the following access privilege groups:
Table 1: BTI7800 Access Privilege Groups
Full access to all system operations.
Access to most network management configuration tasks. This level does not have access to some administrative tasks.
Read-only access to monitor system operations.
Adding a User Account
Use this procedure to add a user account to the local configuration database.
The following restrictions apply:
Only a user with superuser privileges can create, modify, and delete user accounts.
To ensure there is at least one user with full system access, BTI7800 prevents deleting and editing the name and access privilege of the admin user.
- Enter configuration mode.
- Create the user, including name, password, and access
bti7800(config)# users JohnSmith group provisioning password "<password>"
bti7800(config)# commit Commit complete.
See the BTI7800 Series Command Line Reference Guide for information on how passwords with non-alphanumeric characters are entered.
- Display the list of users.
bti7800(config)# do show running-config users
users user1 password $ABC123 users user1 group superuser users user2 password $ABC123 users user2 group provisioning users user3 password $ABC123 users user3 group provisioning users admin password $ABC123
The passwords are displayed in an encrypted form.
Configuring User Session Parameters
Use this procedure to configure user session parameters.
User session parameters govern CLI behavior for the specified user. You can create command aliases, change the prompt, configure the idle timeout, and control many more session parameters. For a complete list of parameters, see the BTI7800 Series CLI Reference Guide.
- Enter configuration mode.
- Enter user-profile mode for the user you want to manage.
bti7800(config)# user-profile user
If the profile does not exist, it is created.
- Set the various parameters as desired.
For example, to disable the autowizard, enable pagination, and to set the idle timeout to 300 seconds:
bti7800(config-user-profile-user)# session autowizard false
bti7800(config-user-profile-user)# session paginate true bti7800(config-user-profile-user)# session idle-timeout 300
- Apply the changes.
Some changes take effect immediately. Others take effect when you reenter configuration mode. Yet others take effect the next time you log in.
Resetting the Password for the admin User
Use this procedure to reset the admin user’s password to the factory default setting. This procedure requires you to log in to the craft interface. You cannot reset the admin password over the management network.
This procedure is specific to resetting the password for the user called admin. It cannot be used to reset any other user’s password.
- Log in to the craft interface of the active CMM as the
admincraft user. See Logging In to the CMM Craft Ethernet or
Craft Serial Ports.
If you do not know which CMM is active, try one CMM, and if the login attempt fails, try the other. The admincraft user is only allowed to log in to the active CMM. The system rejects any login attempts as the admincraft user on the standby CMM.
- Start a CLI session.
If you log in on the craft serial port, you are placed into the commissioning shell. Type cli to start a CLI session.
If you log in on the craft Ethernet port, you are automatically placed into a CLI session.
- Reset the admin password using the debug utilities command.
bti7800# debug-utils reset-admin-password
Commit complete. bti7800#
The admin password is now reset to the factory default setting.
- Type exit to exit the CLI session.