Step 2: Up and Running
Configure User Accounts
You can add new user accounts to the device's local database. User accounts enable authorized users to access the device. You can control the permissions and access privileges of user accounts through login classes. Multiple login classes can be assigned per user account, and you can define as many login classes as you need.
The login password must meet the following criteria:
The password must be at least six characters long.
You can include most character classes in a password (alphabetic, numeric, and special characters), but you cannot use control characters.
The password must contain at least one change of case or character class.
In this example, we show you how to create a login class named operator-and-boot. You'll assign this login class permissions to use the clear, network, reset, trace, and view commands. Then you'll assign the login class to a username and define the encrypted password for the user. You’ll also assign the login class super-user authentication privileges.
This example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
Here’s how you configure user accounts:
- Set the name of the login class, and allow use of the reboot command.[edit system login]root@ hostname# set class operator-and-boot allow-commands “request system reboot”
- Set the permissions for the login class.[edit system login]root@ hostname# set class operator-and-boot permissions [clear network reset trace view]
- Define the user name, bind the user to the operator-and-boot class, and configure a pre-encrypted password for the user.
Note In the below step you are entering a pre-encrypted password. You can use the plain-text-password argument if you wish to enter a clear text password that will then be encrypted.
[edit system login]root@ hostname#set user name class operator-and-boot authentication encrypted-password $1$ABC123 - From configuration mode, confirm your configuration by
entering the show system login command. If the output does
not display the intended configuration, try the configuration instructions
in this example again.[edit]root@ hostname# show system loginclass operator-and-boot {permissions [ clear network reset trace view ];allow-commands "request system reboot";}user name {classoperator-and-boot;authentication {encrypted-password "$1$ABC123";}}
- If you are done configuring the device, enter commit from configuration mode to apply the configuration.