
    Configuring User Access (NSM Procedure)

    This section includes the following topics:

    Configuring Login Classes

    You can define any number of login classes and then apply one login class to an individual user account. All users who can log in to the router must be in a login class. With login classes, you define the following:

    • Access privileges users have when they are logged in to the router
    • Commands and statements that users can and cannot specify
    • How long a login session can be idle before it times out and the user is logged out

    To configure login classes:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab and then double-click the device for which you want to configure a login class.
    3. Click the Configuration tab. In the configuration tree, select System > Login > Class.
    4. Add or modify login class settings as specified in Table 1.
    5. Click one:
      • New—Adds a new login class.
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Search—Searches for a login class.

    Table 1: Login Class Authentication Configuration Details

    | Option | Function | Your Action |
    |---|---|---|
    | Class | | |
    | Name | Specifies a name for the login class. | Enter a name for the login class. |
    | Comment | Specifies the comment added to the class. | Enter a comment. |
    | Access Start | Specifies the start time for remote access. | Enter the start time for remote access in hh:mm format. |
    | Access End | Specifies the end time for remote access. | Enter the end time for remote access in hh:mm format. |
    | Idle Timeout | Specifies the maximum idle time before logout. | Enter the maximum idle time before logout in minutes. |
    | Login Alarms | Displays the system alarms when logging in. | |
    | Login Script | Executes the login-script when logging in. | |
    | Login Tip | Displays tips when logging in. | |
    | Allow Commands | Specifies the operational mode commands that members of a login class can use. | Enter the command name enclosed in quotation marks. For example, “request system reboot”. |
    | Deny Commands | Specifies the regular expression for commands to deny explicitly. | Enter the command name enclosed in quotation marks. For example, "(show system statistics)|(show bgp summary)". |
    | Allow Configuration | Specifies the regular expression for configuration statements to allow explicitly. | Enter the configuration in quotation marks. For example, “regular expression 1”. |
    | Deny Configuration | Specifies the regular expression for configuration statements to deny explicitly. | Enter the configuration in quotation marks. For example, “system services”. |
    | Security Roles | Specifies the Common Criteria security role. | The options available are: none, audit-administrator, crypto-administrator, ids-administrator, security-administrator. |
    | Login > Class > Allow Configuration Regexps | | |
    | Allow Configuration Regexps | Specifies the object path regular expressions to be allowed. | Enter a regular expression string. For example, “interfaces .* description .*” “interfaces .* unit .* description .*” “interfaces .* unit .* family inet address .*” “interfaces .* disable”. |
    | Login > Class > Allowed Days | | |
    | Allowed Days | Specifies the day(s) of week when access is allowed. | Select the day(s) from the drop-down box. For example, Monday. |
    | Login > Class > Deny Configuration Regexps | | |
    | Deny Configuration Regular Expressions | Specifies the object path regular expressions to be denied. | Enter the regular expression string. For example, “system” “protocols”. |
    | Login > Class > Permissions | | |
    | Permissions | Configures the login access privileges to be provided on the device. | Enter a new permission. |
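
    Added example (not part of the original NSM guide): a Python pre-check for the regular-expression list fields in Table 1. It splits a quoted regexp list as it would be typed into the Allow or Deny Configuration Regexps field, rejects unbalanced quotation marks, and reports which sample configuration paths each list covers. Assumptions: Python's re module, matching from the start of the path, stands in for the device's regex engine; the function names and the sample paths are hypothetical.

```python
import re

# Typographic quotes appear in the table's examples; treat them like ASCII quotes.
_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"'})

def split_regexps(field: str) -> list[str]:
    """Split a field such as '"system" "protocols"' into its quoted regexps."""
    text = field.translate(_QUOTES)
    if text.count('"') % 2:
        raise ValueError("unbalanced quotation marks in regexp list")
    return re.findall(r'"([^"]*)"', text)

def matching(patterns: list[str], path: str) -> list[str]:
    """Return the patterns that match from the start of a configuration path.
    Assumption: Python's re stands in for the device's regex engine."""
    return [p for p in patterns if re.match(p, path)]

def review(allow_field: str, deny_field: str, paths: list[str]) -> dict[str, str]:
    """Label each path: allow, deny, both (overlap to resolve) or unmatched."""
    allow, deny = split_regexps(allow_field), split_regexps(deny_field)
    report = {}
    for path in paths:
        a, d = matching(allow, path), matching(deny, path)
        report[path] = ("both" if a and d else "allow" if a
                        else "deny" if d else "unmatched")
    return report

# Values taken from the examples in Table 1.
ALLOW = ('"interfaces .* description .*" "interfaces .* unit .* description .*" '
         '"interfaces .* unit .* family inet address .*" "interfaces .* disable"')
DENY = '"system" "protocols"'

# Constructed sample configuration paths, not taken from a real device.
SAMPLE_PATHS = [
    "interfaces ge-0/0/0 description uplink",
    "interfaces ge-0/0/0 unit 0 family inet address 192.0.2.1/24",
    "system services ssh",
    "protocols bgp group peers",
    "interfaces ge-0/0/0 mtu 9000",
]

if __name__ == "__main__":
    for path, verdict in review(ALLOW, DENY, SAMPLE_PATHS).items():
        print(f"{verdict:9} {path}")
```

    A path reported as both is matched by an allow and a deny expression; resolve that overlap before applying the class to the device.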

    Configuring User Accounts

    User accounts provide one way for users to access the device. (Users can access the router without accounts if you configured RADIUS or TACACS+ servers.) For each account, define the login name for the user and, optionally, information that identifies the user. After you have created an account, a home directory is created for the user.

    To configure user accounts:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab and then double-click the device for which you want to configure a login class.
    3. Click the Configuration tab. In the configuration tree, select System > Login > User.
    4. Add or modify login class settings as specified in Table 2.
    5. Click one:
      • New—Adds a new user account.
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Search—Searches the available login classes.

    Table 2: User Authentication Configuration Details

    | Option | Function | Your Action |
    |---|---|---|
    | Name | Identifies the user with a unique name. | Enter a unique name for the user. |
    | Comment | Specifies the comment added to the login class. | Enter a comment. |
    | Full Name | Specifies the full name of the user. | Enter the full name. |
    | Uid | Specifies the user identifier. | Enter a user ID. For example, 100...64000. |
    | Class | Specifies the user's login class. | Select the class name. |
    | Login > User > Authentication | | |
    | Plain Text Password Value | Specifies the user’s password. | Enter the plain text password for the user. |
    | Login > User > Authentication > Ssh DSA | | |
    | Ssh DSA | Specifies the secure shell (ssh) DSA public key string. | Enter a DSA public key string. |
    | Name | Specifies the name of the DSA public string. | Enter a unique name for the DSA public string. |
    | Comment | Specifies the comment added to the ssh data. | Enter a comment. |
    | From | Specifies the pattern-list of hosts allowed. | |
    | Login > User > Authentication > Ssh Rsa | | |
    | Ssh RSA | Specifies the secure shell (ssh) RSA public key string. | Enter an RSA public key string. |
    | Name | Specifies the name of the RSA public string. | Enter a unique name for the RSA public string. |
    | Comment | Specifies the comment added to the RSA data. | Enter a comment. |
    | From | Specifies the pattern-list of hosts allowed. | |

    Published: 2013-01-06