User Management. Cisco UCS Central User Accounts. This chapter includes the following sections:
|
|
|
- Morgan Patrick
- 5 years ago
- Views:
Transcription
1 This chapter includes the following sections: Cisco UCS Central User Accounts, page 1 Configuring Passwords, page 10 Configuring User Roles, page 14 Configuring User Locales, page 24 Configuring User Domain Groups, page 31 Configuring User Organizations, page 32 Cisco UCS Central User Accounts User accounts are used to access the system. Up to 128 user accounts can be configured in each Cisco UCS Central domain. Each user account must have a unique username and password. A user account can be set with a SSH public key. The public key can be set in either of the two formats: OpenSSH and SECSH. Admin Account Cisco UCS Central has an admin account. The admin account is a default user account and cannot be modified or deleted. This account is the system administrator or superuser account and has full privileges. There is no default password assigned to the admin account; you must choose the password during the initial system setup. The admin account is always active and does not expire. You cannot configure the admin account as inactive. The local admin user is able to login for fail over, even when authentication is set to remote. Locally Authenticated User Accounts A locally authenticated user account is authenticated through the Cisco UCS Central user database, and can be enabled or disabled by anyone with admin or aaa privileges. Once a local user account is disabled, the user cannot log in. Configuration details for disabled local user accounts are not deleted by the database. If you re-enable a disabled local user account, the account becomes active again with the existing configuration, including username and password. OL
2 Guidelines for Creating Usernames Remotely Authenticated User Accounts A remotely authenticated user account is any Cisco UCS Central user account that is authenticated through LDAP. Cisco UCS domainssupport LDAP, RADIUS and TACACS+. If a user maintains a local user account and a remote user account simultaneously, the roles defined in the local user account override those maintained in the remote user account. Expiration of User Accounts User accounts can be configured to expire at a predefined time. When the expiration time is reached, the user account is disabled. By default, user accounts do not expire. Note After you configure a user account with an expiration date, you cannot reconfigure the account to not expire. You can, however, configure the account with the latest expiration date available. Guidelines for Creating Usernames The username is also used as the login ID for Cisco UCS Central. When you assign login IDs to Cisco UCS Central user accounts, consider the following guidelines and restrictions: The login ID can contain between 1 and 32 characters, including the following: Any alphabetic character Any digit _ (underscore) - (dash). (dot) The login ID must be unique within Cisco UCS Central. The login ID must start with an alphabetic character. It cannot start with a number or a special character, such as an underscore. The login ID is case-sensitive. You cannot create an all-numeric login ID. After you create a user account, you cannot change the login ID. You must delete the user account and create a new one. Reserved Words: Locally Authenticated User Accounts The following words cannot be used when creating a local user account in Cisco UCS. root bin 2 OL
3 Creating a Locally Authenticated User Account daemon adm lp sync shutdown halt news uucp operator games gopher nobody nscd mailnull mail rpcuser rpc mtsuser ftpuser ftp man sys samdme debug Creating a Locally Authenticated User Account At a minimum, we recommend that you create the following users: Server administrator account Network administrator account Storage administrator Before You Begin Perform the following tasks, if the system includes any of the following: OL
4 Creating a Locally Authenticated User Account Remote authentication services, ensure the users exist in the remote authentication server with the appropriate roles and privileges. Multi-tenancy with organizations, create one or more locales. If you do not have any locales, all users are created in root and are assigned roles and privileges in all organizations. SSH authentication, obtain the SSH key. Step 6 Step 7 Step 8 Step 9 # scope domain-group / /domain-group # scope security /domain-group/security # create local-user local-user-name /domain-group/security/local-user* # set account-status {active inactive} /domain-group/security/local-user* # set password password /domain-group/security/local-user* # set firstname first-name /domain-group/security/local-user* # set lastname last-name /domain-group/security/local-user* # set expiration month day-of-month year Enters domain group root mode. Creates a user account for the specified local user and enters security local user mode. Specifies whether the local user account is enabled or disabled. The admin user account is always set to active. It cannot be modified. Note If you set the account status to inactive, the configuration is not deleted from the database. The user is prevented from logging into the system using their existing credentials. Sets the password for the user account (Optional) Specifies the first name of the user. (Optional) Specifies the last name of the user. (Optional) Specifies the date that the user account expires. The month argument is the first three letters of the month name. Note After you configure a user account with an expiration date, you cannot reconfigure the account to not expire. You can, however, configure the account with the latest expiration date available. 4 OL
5 Creating a Locally Authenticated User Account /domain-group/security/local-user* # set -addr /domain-group/security/local-user* # set phone phone-num /domain-group/security/local-user* # set sshkey ssh-key /domain-group/security/local-user* # (Optional) Specifies the user address. (Optional) Specifies the user phone number. (Optional) Specifies the SSH key used for passwordless access. Commits the transaction. The following example shows how to create the user account named kikipopo, enable the user account, set the password to foo12345, and commit the transaction: # scope domain-group / /domain-group # scope security /domain-group/security # create local-user kikipopo /domain-group/security/local-user* # set account-status active /domain-group/security/local-user* # set password Enter a password: Confirm the password: /domain-group/security/local-user* # /domain-group/security/local-user # The following example shows how to create the user account named lincey, enable the user account, set an OpenSSH key for passwordless access, and commit the transaction. # scope domain-group / /domain-group # scope security /domain-group/security # create local-user lincey /domain-group/security/local-user* # set account-status active /domain-group/security/local-user* # set sshkey "ssh-rsa AAAAB3NzaC1yc2EAAAA BIwAAAIEAuo9VQ2CmWBI9/S1f30klCWjnV3lgdXMzO0WUl5iPw85lkdQqap+NFuNmHcb4KiaQB8X/PDdmtlxQQcawclj+k8f4 VcOelBxlsGk5luq5ls1ob1VOIEwcKEL/h5lrdbNlI8y3SS9I/gGiBZ9ARlop9LDpDm8HPh2LOgyH7Ei1MI8=" /domain-group/security/local-user* # /domain-group/security/local-user # The following example shows how to create the user account named jforlenz, enable the user account, set a Secure SSH key for passwordless access, and commit the transaction. # scope domain-group / /domain-group # scope security /domain-group/security # create local-user jforlenz /domain-group/security/local-user* # set account-status active /domain-group/security/local-user* # set sshkey Enter lines one at a time. Enter ENDOFBUF to finish. Press ^C to abort. User's SSH key: > ---- BEGIN SSH2 PUBLIC KEY ---- > AAAAB3NzaC1yc2EAAAABIwAAAIEAuo9VQ2CmWBI9/S1f30klCWjnV3lgdXMzO0WUl5iPw8 > 5lkdQqap+NFuNmHcb4KiaQB8X/PDdmtlxQQcawclj+k8f4VcOelBxlsGk5luq5ls1ob1VO > IEwcKEL/h5lrdbNlI8y3SS9I/gGiBZ9ARlop9LDpDm8HPh2LOgyH7Ei1MI8= > ---- END SSH2 PUBLIC KEY ---- OL
6 Deleting a Locally Authenticated User Account > ENDOFBUF /domain-group/security/local-user* # /domain-group/security/local-user # Deleting a Locally Authenticated User Account # scope domain-group domain-group Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. /domain-group # scope security /domain-group/security # delete local-user local-user-name /domain-group/security* # Deletes the local-user account. Commits the transaction to the system configuration. The following example deletes the foo user account and commits the transaction: # scope domain-group /domain-group # scope security /domain-group/security # delete local-user foo /domain-group/security* # /domain-group/security # Enabling the Password Strength Check for Locally Authenticated Users You must be a user with admin, aaa, or domain-group-management privileges to enable the password strength check. If the password strength check is enabled, Cisco UCS Central does not permit a user to choose a password that does not meet the guidelines for a strong password. # scope domain-group / /domain-group # scope security Enters domain group root mode. 6 OL
7 Clearing the Password History for a Locally Authenticated User /domain-group/security # scope password-profile. /domain-group/security/password-profile # set enforce-strong-password {yes no} Specifies whether the password strength check is enabled or disabled. Specifies whether the password strength check is enabled or disabled. The following example enables the password strength check: # scope domain-group / /domain-group # scope security /domain-group/security # scope password-profile /domain-group/security/password-profile # set enforce-strong-password yes /domain-group/security/password-profile # Clearing the Password History for a Locally Authenticated User You must have admin, aaa, or domain-group-management privileges to change the password profile properties. # scope domain-group domain-group Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. Step 6 /domain-group # scope security /domain-group/security # scope local-user local-user-name /domain-group/security/local-user # scope password-profile /domain-group/security/password-profile # set history-count 0 Commits the transaction. Enters password profile security mode. Setting the History Count field to 0 (the default setting) disables the history count and allows users to reuse previously used passwords at any time. Step 7 /domain-group/security/password-profile* # Commits the transaction to the system configuration. OL
8 Enabling or Disabling a User Account The following example shows how to clear the password history count for the user account named kikipopo, and commit the transaction: # scope domain-group /domain-group # scope security /domain-group/security # scope local-user kikipopo /domain-group/security/local-user # scope password-profile /domain-group/security/password-profile # set history-count 0 /domain-group/security/password-profile* # /domain-group/security/password-profile # Enabling or Disabling a User Account You must be a user with admin, aaa, or domain-group-management privileges to enable or disable a local user account. Before You Begin Create a local user account. # scope domain-group domain-group Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. /domain-group # scope security /domain-group/security # scope local-user /domain-group/security/local-user # set account-status {active inactive} Enters local-user security mode. Specifies whether the local user account is enabled or disabled. The admin user account is always set to active. It cannot be modified. Note If you set the account status to inactive, the configuration is not deleted from the database. The user is prevented from logging into the system using their existing credentials. The following example shows how to enable a local user account called accounting: # scope domain-group 8 OL
9 Web Session Limits for User Accounts /domain-group # scope security /domain-group/security # scope local-user accounting /domain-group/security/local-user # set account-status active Web Session Limits for User Accounts Cisco UCS Central does not support managing a number of concurrent web sessions at this time. We do support 32 concurrent web sessions for Cisco UCS Central users and a total of 256 concurrent sessions for all users. Monitoring User Sessions UCSC# scope system UCSC /system # scope security UCSC /security # show user-sessions {local remote} [detail] Enters system mode. Displays session information for all users logged in to the system. An asterisk (*) next to the session ID denotes the current login session. The following example lists all local users logged in to the system. The asterisk indicates which session is the current login session. UCSC# scope system UCSC /system # scope security UCSC /security # show user-sessions local Session Id User Host Login Time pts_25_1_31264* steve T14:06: ttys0_1_3532 jeff console T15:11: web_25277_a faye T22:11: The following example displays detailed information on all local users logged in to the system: UCSC# scope system UCSC /system # scope security UCSC /security # show user-sessions local detail Session Id pts_25_1_31264: Fabric Id: A Term: pts/25 User: steve Host: Pid: Login Time: T14:06: Session Id ttys0_1_3532: Fabric Id: A Term: ttys0 User: jeff Host: console Pid: 3532 Login Time: T15:11: Session Id web_25277_a: OL
10 Configuring Passwords Fabric Id: A Term: web_25277 User: faye Host: Pid: 3518 Login Time: T22:11: Configuring Passwords Guidelines for Creating Passwords Each locally authenticated user account requires a password. A user with admin, aaa, or domain-group-management privileges can configure Cisco UCS Central to perform a password strength check on user passwords. If the password strength check is enabled, each user must have a strong password. Cisco recommends that each user have a strong password. If you enable the password strength check for locally authenticated users, Cisco UCS Central rejects any password that does not meet the following requirements: Must contain a minimum of 8 characters and a maximum of 80 characters. Must contain at least three of the following: Lower case letters Upper case letters Digits Special characters Must not contain a character that is repeated more than 3 times consecutively, such as aaabbb. Must not be identical to the username or the reverse of the username. Must pass a password dictionary check. For example, the password must not be based on a standard dictionary word. Must not contain the following symbols: $ (dollar sign),? (question mark), and = (equals sign). Should not be blank for local user and admin accounts. Password Profile for Locally Authenticated Users The password profile contains the password history and password change interval properties for all locally authenticated users of Cisco UCS Central. You cannot specify a different password profile for each locally authenticated user. Note You must have admin, aaa, or domain-group-management privileges to change the password profile properties. Except for password history, these properties do not apply to users with these administrative privileges. 10 OL
11 Configuring the Maximum Number of Password Changes for a Change Interval Password History Count The password history count allows you to prevent locally authenticated users from reusing the same password over and over again. When this property is configured, Cisco UCS Central stores passwords that were previously used by locally authenticated users up to a maximum of 15 passwords. The passwords are stored in reverse chronological order with the most recent password first to ensure that the only the oldest password can be reused when the history count threshold is reached. A user must create and use the number of passwords configured in the password history count before being able to reuse one. For example, if you set the password history count to 8, a locally authenticated user cannot reuse the first password until after the ninth password has expired. By default, the password history is set to 0. This value disables the history count and allows users to reuse previously passwords at any time. If necessary, you can clear the password history count for a locally authenticated user and enable reuse of previous passwords. Password Change Interval The password change interval enables you to restrict the number of password changes a locally authenticated user can make within a given number of hours. The following table describes the two configuration options for the password change interval. Interval Configuration No password change allowed Description This option does not allow passwords for locally authenticated users to be changed within a specified number of hours after a password change. You can specify a no change interval between 1 and 745 hours. By default, the no change interval is 24 hours. Example For example, to prevent passwords from being changed within 48 hours after a locally authenticated user changes his or her password, set the following: Change during interval to disable No change interval to 48 Password changes allowed within change interval This option specifies the maximum number of times that passwords for locally authenticated users can be changed within a pre-defined interval. You can specify a change interval between 1 and 745 hours and a maximum number of password changes between 0 and 10. By default, a locally authenticated user is permitted a maximum of 2 password changes within a 48 hour interval. For example, to allow to be changed a maximum of once within 24 hours after a locally authenticated user changes his or her password, set the following: Change during interval to enable Change count to 1 Change interval to 24 Configuring the Maximum Number of Password Changes for a Change Interval You must have admin, aaa, or domain-group-management privileges to change the password profile properties. Except for password history, these properties do not apply to users with these administrative privileges. OL
12 Configuring the Maximum Number of Password Changes for a Change Interval # scope domain-group domain-group Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. Step 6 Step 7 Step 8 /domain-group # scope security /domain-group/security # scope password-profile /domain-group/security/password-profile # set change-during-interval enable /domain-group/security/password-profile* # set change-count pass-change-num /domain-group/security/password-profile* # set change-interval num-of-hours /domain-group/security/password-profile* # Enters password profile security mode. Restricts the number of password changes a locally authenticated user can make within a given number of hours. Specifies the maximum number of times a locally authenticated user can change his or her password during the Change Interval. This value can be anywhere from 0 to 10. Specifies the maximum number of hours over which the number of password changes specified in the Change Count field are enforced. This value can be anywhere from 1 to 745 hours. For example, if this field is set to 48 and thechange Count field is set to 2, a locally authenticated user can make no more than 2 password changes within a 48 hour period. Commits the transaction to the system configuration. The following example shows how to enable the change during interval option, set the change count to 5, set the change interval to 72 hours, and commit the transaction: # scope domain-group /domain-group # scope security /domain-group/security # scope password-profile /domain-group/security/password-profile # set change-during-interval enable /domain-group/security/password-profile* # set change-count 5 /domain-group/security/password-profile* # set change-interval 72 /domain-group/security/password-profile* # /domain-group/security/password-profile # 12 OL
13 Configuring a No Change Interval for Passwords Configuring a No Change Interval for Passwords You must have admin, aaa, or domain-group-management privileges to change the password profile properties. Except for password history, these properties do not apply to users with these administrative privileges. Step 6 Step 7 # scope domain-group domain-group /domain-group # scope security /domain-group/security # scope password-profile /domain-group/security/password-profile # set change-during-interval disable /domain-group/security/password-profile* # set no-change-interval min-num-hours /domain-group/security/password-profile* # Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. Enters password profile security mode. Disables the change during interval feature. Specifies the minimum number of hours that a locally authenticated user must wait before changing a newly created password.. This value can be anywhere from 1 to 745 hours. This interval is ignored if the Change During Interval property is not set to Disable. Commits the transaction to the system configuration. The following example shows how to disable the change during interval option, set the no change interval to 72 hours, and commit the transaction: # scope domain-group /domain-group # scope security /domain-group/security # scope password-profile /domain-group/security/password-profile # set change-during-interval disable /domain-group/security/password-profile* # set no-change-interval 72 /domain-group/security/password-profile* # /domain-group/security/password-profile # Configuring the Password History Count You must have admin or aaa privileges to change the password profile properties. OL
14 Configuring User Roles # scope domain-group domain-group Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. Step 6 /domain-group # scope security /domain-group/security # scope password-profile /domain-group/security/password-profile # set history-count num-of-passwords /domain-group/security/password-profile* # Enters password profile security mode. Specifies the number of unique passwords that a locally authenticated user must create before that user can reuse a previously used password This value can be anywhere from 0 to 15. By default, the History Count field is set to 0, which disables the history count and allows users to reuse previously used passwords at any time. Commits the transaction to the system configuration. The following example configures the password history count and commits the transaction: # scope domain-group /domain-group # scope security /domain-group/security # scope password-profile /domain-group/security/password-profile # set history-count 5 /domain-group/security/password-profile* # /domain-group/security/password-profile # Configuring User Roles Role-Based Access Control Role-Based Access Control (RBAC) is a method of restricting or authorizing system access for users based on user roles and locales. A role defines the privileges of a user in the system and the locale defines the organizations (domains) that a user is allowed access. Because users are not directly assigned privileges, management of individual user privileges is simply a matter of assigning the appropriate roles and locales. A user is granted write access to desired system resources only if the assigned role grants the access privileges and the assigned locale allows access. For example, a user with the Server Administrator role in the Engineering organization could update server configurations in the Engineering organization but could not update server 14 OL
15 Role-Based Access Control configurations in the Finance organization unless the locales assigned to the user include the Finance organization. User Roles User roles contain one or more privileges that define the operations that are allowed for a user. One or more roles can be assigned to each user. Users with multiple roles have the combined privileges of all assigned roles. For example, if Role1 has storage-related privileges, and Role2 has server-related privileges, users with Role1 and Role2 have both storage-related and server-related privileges. A Cisco UCS domain can contain up to 48 user roles, including the default user roles. Each domain group in Cisco UCS Central can contain 48 user roles, including the user roles that are inherited from the parent domain group. When user roles are pushed to Cisco UCS Manager from Cisco UCS Central, only the first 48 roles will be active. Any user roles after the first 48 will be inactive with faults raised. All roles include read access to all configuration settings in the Cisco UCS domain. Users with read-only roles cannot modify the system state. Roles can be created, modified to add new or remove existing privileges, or deleted. When a role is modified, the new privileges are applied to all users that have that role. Privilege assignment is not restricted to the privileges defined for the default roles. That is, you can use a custom set of privileges to create a unique role. For example, the default Server Administrator and Storage Administrator roles have a different set of privileges, but a new Server and Storage Administrator role can be created that combines the privileges of both roles. If a role is deleted after it has been assigned to users, it is also deleted from those user accounts. User profiles on AAA servers (RADIUS or TACACS+) should be modified to add the roles corresponding to the privileges granted to that user. The attribute is used to store the role information. The AAA servers return this attribute with the request and parse it to get the roles. LDAP servers return the roles in the user profile attributes. Default User Roles The system contains the following default user roles: AAA Administrator Read-and-write access to users, roles, and AAA configuration. Read access to the rest of the system. Administrator Complete read-and-write access to the entire system. The default admin account is assigned this role by default and it cannot be changed. Facility Manager Read-and-write access to power management operations through the power-mgmt privilege. Read access to the rest of the system. Network Administrator Read-and-write access to fabric interconnect infrastructure and network security operations. Read access to the rest of the system. OL
16 Role-Based Access Control Operations Read-and-write access to systems logs, including the syslog servers, and faults. Read access to the rest of the system. Read-Only Read-only access to system configuration with no privileges to modify the system state. Server Compute Read and write access to most aspects of service profiles. However the user cannot create, modify or delete vnics or vhbas. Server Equipment Administrator Read-and-write access to physical server related operations. Read access to the rest of the system. Server Profile Administrator Read-and-write access to logical server related operations. Read access to the rest of the system. Server Security Administrator Read-and-write access to server security related operations. Read access to the rest of the system. Storage Administrator Read-and-write access to storage operations. Read access to the rest of the system. Reserved Words: User Roles The following words cannot be used when creating custom roles in Cisco UCS. network-admin network-operator vdc-admin vdc-operator server-admin Privileges Privileges give users assigned to user roles access to specific system resources and permission to perform specific tasks. The following table lists each privilege and the user role given that privilege by default. Table 1: User Privileges Privilege aaa admin Description System security and AAA System administration Default Role Assignment AAA Administrator Administrator 16 OL
17 Role-Based Access Control Privilege domain-group-management ext-lan-config ext-lan-policy ext-lan-qos ext-lan-security ext-san-config ext-san-policy ext-san-qos ext-san-security fault operations org-management pod-config pod-policy pod-qos pod-security power-mgmt read-only server-equipment server-maintenance server-policy server-security Description Domain Group Management External LAN configuration External LAN policy External LAN QoS External LAN security External SAN configuration External SAN policy External SAN QoS External SAN security Alarms and alarm policies Logs and Smart Call Home Organization management Pod configuration Pod policy Pod QoS Pod security Read-and-write access to power management operations Read-only access Read-only cannot be selected as a privilege; it is assigned to every user role. Server hardware management Server maintenance Server policy Server security Default Role Assignment Domain Group Administrator Network Administrator Network Administrator Network Administrator Network Administrator Storage Administrator Storage Administrator Storage Administrator Storage Administrator Operations Operations Operations Network Administrator Network Administrator Network Administrator Network Administrator Facility Manager Read-Only Server Equipment Administrator Server Equipment Administrator Server Equipment Administrator Server Security Administrator OL
18 Creating a User Role Privilege service-profile-compute service-profile-config service-profile-config-policy service-profile-ext-access service-profile-network service-profile-network-policy service-profile-qos service-profile-qos-policy service-profile-security service-profile-security-policy service-profile-server service-profile-server-oper service-profile-server-policy service-profile-storage service-profile-storage-policy stats Description Service profile compute Service profile configuration Service profile configuration policy Service profile end point access Service profile network Service profile network policy Service profile QoS Service profile QoS policy Service profile security Service profile security policy Service profile server management Service profile consumer Service profile pool policy Service profile storage Service profile storage policy Statistics Management Default Role Assignment Server Compute Administrator Server Profile Administrator Server Profile Administrator Server Profile Administrator Network Administrator Network Administrator Network Administrator Network Administrator Server Security Administrator Server Security Administrator Server Profile Administrator Server Profile Administrator Server Security Administrator Storage Administrator Storage Administrator Statistics Administrator Creating a User Role # scope domain-group domain-group Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. 18 OL
19 Deleting a User Role Step 6 /domain-group # scope security /domain-group/security # create role name /domain-group/security/role* # add privilege privilege-name /domain-group/security/role* # Creates the user role and enters security role mode. Adds one or more privileges to the role. Note You can specify more than one privilege-name on the same command line to add multiple privileges to the role, or you can add privileges to the same role using multiple add commands. Commits the transaction to the system configuration. The following example creates the service-profile-security-admin role, adds the service profile security and service profile security policy privileges to the role, and commits the transaction: # scope domain-group /domain-group # scope security /domain-group/security # create role ls-security-admin /domain-group/security/role* # add privilege service-profile-security service-profile-security-policy /domain-group/security/role* # /domain-group/security/role # Deleting a User Role # scope domain-group domain-group /domain-group # scope security /domain-group/security # delete role name Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. Deletes the user role. OL
20 Adding Privileges to a User Role /domain-group/security/role* # Commits the transaction to the system configuration. The following example deletes the service-profile-security-admin role and commits the transaction: # scope domain-group /domain-group # scope security /domain-group/security # delete role service-profile-security-admin /domain-group/security/role* # /domain-group/security/role # Adding Privileges to a User Role Step 6 # scope domain-group domain-group /domain-group # scope security /domain-group/security # scope role name /domain-group/security/role # add privilege privilege-name /domain-group/security/role* # Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. Enters security role mode for the specified role. Adds one or more privileges to the existing privileges of the user role. Note You can specify more than one privilege-name on the same command line to add multiple privileges to the role, or you can add privileges to the same role using multiple add privilege commands. Commits the transaction to the system configuration. 20 OL
21 Replacing Privileges for a User Role The following example shows how to add the server security and server policy privileges to the service-profile-security-admin role and commit the transaction: # scope domain-group /domain-group # scope security /domain-group/security # scope role /domain-group/security/role # scope role service-profile-security-admin /domain-group/security/role* # add privilege server-security server-policy /domain-group/security/role* # /domain-group/security/role # Replacing Privileges for a User Role Step 6 # scope domain-group domain-group /domain-group # scope security /domain-group/security # scope role name /domain-group/security/role # set privilege privilege-name /domain-group/security/role* # Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. Enters security role mode for the specified role. Replaces the existing privileges of the user role. Note You can specify more than one privilege-name on the same command line to replace the existing privilege with multiple privileges. After replacing the privileges, you can add privileges to the same role using the add privilege command. Commits the transaction to the system configuration. The following example shows how to replace the existing privileges for the service-profile-security-admin role with the server security and server policy privileges and commit the transaction: # scope domain-group /domain-group # scope security /domain-group/security # scope role /domain-group/security/role # scope role service-profile-security-admin /domain-group/security/role* # set privilege server-security server-policy /domain-group/security/role* # /domain-group/security/role # OL
22 Removing Privileges from a User Role Removing Privileges from a User Role Step 6 # scope domain-group domain-group /domain-group # scope security /domain-group/security # scope role name /domain-group/security/role # remove privilege privilege-name /domain-group/security/role* # Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. Enters security role mode for the specified role. Removes one or more privileges from the existing user role privileges. Note You can specify more than one privilege-name on the same command line to remove multiple privileges from the role, or you can remove privileges from the same role using multiple remove privilege commands. Commits the transaction to the system configuration. The following example removes the server security and server policy privileges from the service-profile-security-admin role and commits the transaction: # scope domain-group /domain-group # scope security /domain-group/security # scope role /domain-group/security/role # remove privilege server-security server-policy /domain-group/security/role* # /domain-group/security/role # Assigning a Role to a User Account Changes in user roles and privileges do not take effect until the next time the user logs in. If a user is logged in when you assign a new role to or remove an existing role from a user account, the active session continues with the previous roles and privileges. 22 OL
23 Removing a Role from a User Account Step 6 # scope domain-group domain-group /domain-group # scope security /domain-group/security # scope local-user local-user-name /domain-group/security/local-user # create role role-name /domain-group/security/local-user* # Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. Enters security local user mode for the specified local user account. Assigns the specified role to the user account. Note The create role command can be entered multiple times to assign more than one role to a user account. Commits the transaction. The following example assigns the operations role to the kikipopo local user account and commits the transaction: # scope domain-group /domain-group # scope security /domain-group/security # scope local-user kikipopo /domain-group/security/local-user # create role operations /domain-group/security/local-user* # /domain-group/security/local-user # Removing a Role from a User Account Changes in user roles and privileges do not take effect until the next time the user logs in. If a user is logged in when you assign a new role to or remove an existing role from a user account, the active session continues with the previous roles and privileges. # scope domain-group domain-group Enters domain group root mode and (optionally) enters a domain group under the domain group OL
24 Configuring User Locales root. To enter the domain group root mode, type / as the domain-group. Step 6 /domain-group # scope security /domain-group/security # scope local-user local-user-name /domain-group/security/local-user # delete role role-name /domain-group/security/local-user* # Enters security local user mode for the specified local user account. Removes the specified role from the user account. Note The delete role command can be entered multiple times to remove more than one role from a user account. Commits the transaction. The following example removes the operations role from the kikipopo local user account and commits the transaction: CSC # connect policy-mgr # scope domain-group /domain-group # scope security /domain-group/security # scope local-user kikipopo /domain-group/security/local-user # delete role operations /domain-group/security/local-user* # /domain-group/security/local-user # Configuring User Locales User Locales A user can be assigned one or more locales. Each locale defines one or more organizations (domains) the user is allowed access, and access would be limited to the organizations specified in the locale. One exception to this rule is a locale without any organizations, which gives unrestricted access to system resources in all organizations. A Cisco UCS domain can contain up to 48 user locales. Each domain group in Cisco UCS Central can contain 48 user locales, including the user locales that are inherited from the parent domain group. When user locales are pushed to Cisco UCS Manager from Cisco UCS Central, only the first 48 locales will be active. Any user locales after the first 48 will be inactive with faults raised. Users with admin, aaa, or domain-group-management privileges can assign organizations to the locale of other users. 24 OL
25 Creating a User Locale Note You cannot assign a locale to users with the admin privilege. You can hierarchically manage organizations. A user that is assigned at a top level organization has automatic access to all organizations under it. For example, an Engineering organization can contain a Software Engineering organization and a Hardware Engineering organization. A locale containing only the Software Engineering organization has access to system resources only within that organization; however, a locale that contains the Engineering organization has access to the resources for both the Software Engineering and Hardware Engineering organizations. Creating a User Locale # scope domain-group domain-group /domain-group # scope security /domain-group/security # create locale name /domain-group/security/locale * # create org-ref org-ref-name orgdn orgdn-name Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. Creates the user role and enters security role mode. References (binds) an organization to the locale. The org-ref-name argument is the name used to identify the organization reference, and the orgdn-name argument is the distinguished name of the organization being referenced. Step 6 /domain-group/security/locale * # Commits the transaction to the system configuration. The following example shows how to create the finance organization for the western locale and commit the transaction: # scope domain-group /domain-group # scope security /domain-group/security # create locale western /domain-group/security/locale* # create org-ref finance-ref orgdn finance /domain-group/security/locale* # /domain-group/security/locale # OL
26 Deleting a User Locale Deleting a User Locale # scope domain-group domain-group Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. /domain-group # scope security /domain-group/security # delete locale locale-name /domain-group/security * # Deletes the locale. Commits the transaction to the system configuration. The following example deletes the western locale and commits the transaction: # scope domain-group /domain-group # scope security /domain-group/security # delete locale western /domain-group/security* # /domain-group/security # Assigning a Locale to a User Account Note Do not assign locales to users with an admin role. # scope domain-group domain-group Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. /domain-group # scope security 26 OL
27 Removing a Locale from a User Account UCSC /security # scope local-user local-user-name Enters security local user mode for the specified local user account. Step 6 /domain-group/security/local-user # create locale locale-name /domain-group/security/local-user* # Assigns the specified locale to the user account. Note The create locale command can be entered multiple times to assign more than one locale to a user account. Commits the transaction. The following example shows how to assign the western locale to the kikipopo local user account and commit the transaction: # scope domain-group /domain-group # scope security /domain-group/security/local-user # create locale western /domain-group/security/local-user* # /domain-group/security/local-user # Removing a Locale from a User Account # scope domain-group domain-group /domain-group # scope security /domain-group/security # scope local-user local-user-name /domain-group/security/local-user # delete locale locale-name Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. Enters security local user mode for the specified local user account. Removes the specified locale from the user account. Note The delete locale command can be entered multiple times to remove more than one locale from a user account. OL
28 Assigning an Organization to a User Locale Step 6 /domain-group/security/local-user* # Commits the transaction. The following example removes the western locale from the kikipopo local user account and commits the transaction: # scope domain-group /domain-group # scope security /domain-group/security/local-user # delete locale western /domain-group/security/local-user* # /domain-group/security/local-user # Assigning an Organization to a User Locale # scope domain-group domain-group /domain-group # scope security /domain-group/security # scope locale locale-name /domain-group/security/locale # create org-ref org-ref-name orgdn orgdn-name Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. Enters security locale mode. References (binds) an organization to the locale. The org-ref-name argument is the name used to identify the organization reference, and the orgdn-name argument is the distinguished name of the organization being referenced. Step 6 /domain-group/security/locale * # Commits the transaction to the system configuration. The following example enters the western locale, adds (references) the marketing organization to the locale, names the reference marketing-ref, and commits the transaction: # scope domain-group /domain-group # scope security 28 OL
29 Deleting an Organization from a User Locale /domain-group/security # scope locale western /domain-group/security/locale # create org-ref marketing-ref orgdn marketing /domain-group/security/locale* # /domain-group/security/locale # Deleting an Organization from a User Locale # scope domain-group domain-group Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. Step 6 /domain-group # scope security /domain-group/security # scope locale locale-name /domain-group/security/locale # delete org-ref org-ref-name /domain-group/security/locale * # Enters security locale mode. Deletes the organization from the locale. Commits the transaction to the system configuration. The following example deletes the finance organization from the western locale and commits the transaction: # scope domain-group /domain-group # scope security /domain-group/security # scope locale western /domain-group/security/locale # delete org-ref finance-ref /domain-group/security/locale* # /domain-group/security/locale # Assigning a Domain Group to a User Locale # scope domain-group domain-group Enters domain group root mode and (optionally) enters a domain group under the domain group root. OL
30 Deleting a Domain Group from a User Locale To enter the domain group root mode, type / as the domain-group. /domain-group # scope security /domain-group/security # scope locale locale-name Enters security locale mode. References (binds) a domain group to the locale. /domain-group/security/locale # create The domain-group-ref-name argument (1-16 domain-group-ref domain-group-ref-name characters) is the name used to identify the domain domain-group-dn domaingroup-root-name group reference, and the domain-group-dn-name argument is the distinguished name of the domain group root being referenced. Step 6 /domain-group/security/locale * # Commits the transaction to the system configuration. The following example enters the western locale, adds (references) the marketing domain group to the locale, names the reference marketdomain01-ref, and commits the transaction: # scope domain-group /domain-group # scope security /domain-group/security # scope locale western /domain-group/security/locale # create domain-group-ref marketdomain01 domain-group-dn marketing /domain-group/security/locale* # /domain-group/security/locale # Deleting a Domain Group from a User Locale # scope domain-group domain-group Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. /domain-group # scope security /domain-group/security # scope locale locale-name Enters security locale mode. 30 OL
31 Configuring User Domain Groups /domain-group/security/locale # delete domain-group-ref domain-group-ref-name Deletes references (unbinds) domain groups referenced to the locale. The domain-group-ref-name argument (1-16 characters) is the name used to identify the domain group reference. Step 6 /domain-group/security/locale * # Commits the transaction to the system configuration. The following example enters the western locale, deletes references (unbinds) the marketing domain group references from the locale marketdomain01, and commits the transaction: # scope domain-group /domain-group # scope security /domain-group/security # scope locale western /domain-group/security/locale # delete domain-group-ref marketdomain01 /domain-group/security/locale* # /domain-group/security/locale # Configuring User Domain Groups Creating a User Domain Group # scope domain-group domain-group /domain-group # create domain-group name /domain-group * # Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. Creates the domain group. Commits the transaction to the system configuration. The following example creates the central-audit domain group and commits the transaction: # scope domain-group /domain-group # create domain-group central-audit OL
Configuring Role-Based Access Control
Configuring Role-Based Access Control This chapter includes the following sections: Role-Based Access Control, page 1 User Accounts for Cisco UCS Manager, page 1 User Roles, page 4 User Locales, page 7
Role-Based Access Configuration
Role-Based Access Control Overview, page 1 User Accounts for Cisco UCS, page 1 User Roles, page 3 Locales, page 9 Locally Authenticated User Accounts, page 11 Monitoring User Sessions, page 19 Role-Based
Users and Roles. Role-Based Access Control Overview. Cisco UCS Central User Accounts
Role-Based Access Control Overview, page 1 Cisco UCS Central User Accounts, page 1 User Roles, page 4 Managing UCS Central Roles, page 8 Managing UCS Central Local Users, page 9 Managing UCS Central Remote
Users and Roles. Role-Based Access Control Overview. Cisco UCS Central User Accounts
Role-Based Access Control Overview, page 1 Cisco UCS Central User Accounts, page 1 User Roles, page 4 Managing UCS Central Roles, page 8 Managing UCS Central Local Users, page 9 Managing UCS Central Remote
Configuring Role-Based Access Control
Configuring Role-Based Access Control This chapter includes the following sections: Role-Based Access Control, page 1 User Accounts for Cisco UCS Manager, page 1 User Roles, page 3 Privileges, page 4 User
Cisco UCS Manager Administration Management Guide 3.2
First Published: 2017-08-18 Last Modified: 2018-03-15 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)
Role-Based Access Controls
Configuring User Roles, page 1 Configuring User Roles Role-Based Access Control Overview Role-Based Access Control (RBAC) is a method of restricting or authorizing system access for users based on user
Cisco UCS Manager Administration Management Guide 3.1
First Published: 2016-01-20 Last Modified: 2017-04-27 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)
Password Management Guidelines for Cisco UCS Passwords
Guidelines for Cisco UCS Passwords, page 1 Guidelines for Cisco UCS Usernames, page 3 Configuring the Maximum Number of Password Changes for a Change Interval, page 4 Configuring a No Change Interval for
Configuring User Accounts and RBAC
This chapter contains the following sections: Information About User Accounts and RBAC, page 1 Guidelines and Limitations for User Accounts, page 4 Configuring User Accounts, page 5 Configuring RBAC, page
Configuring User Accounts and RBAC
Configuring User Accounts and RBAC This chapter contains the following sections: Configuring User Accounts and RBAC, page 1 Configuring User Accounts and RBAC This section describes how to configure user
Configuring User Accounts and RBAC
7 CHAPTER This chapter describes how to configure user accounts and role-based access control (RBAC) on NX-OS devices. This chapter includes the following sections: Information About User Accounts and
Configuring User Accounts and RBAC
6 CHAPTER This chapter describes how to configure user accounts and role-based access control (RBAC) on NX-OS devices. This chapter includes the following sections: Information About User Accounts and
Configuring User Accounts and RBAC
This chapter describes how to configure user accounts and role-based access control (RBAC) on Cisco NX-OS devices. This chapter includes the following sections: Finding Feature Information, page 1 Information
Configuring Switch Security
CHAPTER 9 The authentication, authorization, and accounting (AAA) mechanism verifies the identity of, grants access to, and tracks the actions of users managing a switch. The Cisco MDS 9020 Fabric Switch
Cisco FXOS Firepower Chassis Manager Configuration Guide, 1.1(2)
First Published: September 28, 2015 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883
Logging In and Setting Up
This chapter includes the following sections: Overview of, page 1 Resetting the Admin Password, page 3 Password Guidelines, page 3 Resetting the Shared Secret, page 4 Overview of You can log in and work
Configuring Users and Common Roles
Send documentation comments to mdsfeedback-doc@cisco.com. 26 CHAPTER Configuring Users and Common Roles The CLI and SNMP use common roles in all switches in the Cisco MDS 9000 Family. You can use CLI to
Configuring System Security and AAA Services
CHAPTER 14 Security can be independently configured for each of the following management paths: -line interface (CLI) You can access the CLI using one of three connection options: Console (serial connection)
Question No : 1 Which three items must be configured in the port profile client in Cisco UCS Manager? (Choose three.)
Volume: 123 Questions Question No : 1 Which three items must be configured in the port profile client in Cisco UCS Manager? (Choose three.) A. port profile B. DVS C. data center D. folder E. vcenter IP
Managing Users and Configuring Role-Based Access Control
Managing s and Configuring Role-Based Access Control This section describes how to manage users in Prime Central, including defining users and passwords and configuring role-based access control (RBAC).
Message Networking 5.2 Administration print guide
Page 1 of 421 Administration print guide This print guide is a collection of system topics provided in an easy-to-print format for your convenience. Please note that the links shown in this document do
Configuring Service Profiles
This chapter includes the following sections: Service Profiles that Override Server Identity, page 1 Service Profiles that Inherit Server Identity, page 2 Guidelines and Recommendations for Service Profiles,
Configuring SSH and Telnet
6 CHAPTER This chapter describes how to configure Secure Shell Protocol (SSH) and Telnet on Cisco NX-OS devices. This chapter includes the following sections: Information About SSH and Telnet, page 6-1
Configuring TACACS+ About TACACS+
This chapter describes how to configure the Terminal Access Controller Access Control System Plus (TACACS+) protocol on Cisco NX-OS devices. This chapter includes the following sections: About TACACS+,
Cisco Virtual Network Management Center GUI Configuration Guide, Release 1.3
Cisco Virtual Network Management Center GUI Configuration Guide, Release 1.3 First Published: January 31, 2012 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA
AAA and the Local Database
This chapter describes authentication, authorization, and accounting (AAA, pronounced triple A ). AAA is a a set of services for controlling access to computer resources, enforcing policies, assessing
Configuring Security Features on an External AAA Server
CHAPTER 3 Configuring Security Features on an External AAA Server The authentication, authorization, and accounting (AAA) feature verifies the identity of, grants access to, and tracks the actions of users
Managing NCS User Accounts
7 CHAPTER The Administration enables you to schedule tasks, administer accounts, and configure local and external authentication and authorization. Also, set logging options, configure mail servers, and
Manage Administrators and Admin Access Policies
Manage Administrators and Admin Access Policies Role-Based Access Control, page 1 Cisco ISE Administrators, page 1 Cisco ISE Administrator Groups, page 3 Administrative Access to Cisco ISE, page 11 Role-Based
Remote Authentication
Authentication Services, page 1 Guidelines and Recommendations for Providers, page 2 User Attributes in Providers, page 2 Two-Factor Authentication, page 4 LDAP Providers and Groups, page 5 RADIUS Providers,
Backing Up and Restoring the Configuration
Backing Up and Restoring the Configuration This chapter includes the following sections: Backup and Export Configuration, page 1 Backup Types, page 1 Considerations and Recommendations for Backup Operations,
Control Device Administration Using TACACS+
Device Administration, page 1 Device Administration Work Center, page 3 Data Migration from Cisco Secure ACS to Cisco ISE, page 3 Device Administration Deployment Settings, page 3 Device Admin Policy Sets,
Manage Administrators and Admin Access Policies
Manage Administrators and Admin Access Policies Role-Based Access Control, on page 1 Cisco ISE Administrators, on page 1 Cisco ISE Administrator Groups, on page 3 Administrative Access to Cisco ISE, on
User Accounts for Management Access
The Firepower Management Center and managed devices include a default admin account for management access. This chapter discusses how to create custom user accounts for supported models. See Logging into
Control Device Administration Using TACACS+
Device Administration, page 1 Device Administration Work Center, page 3 Data Migration from Cisco Secure ACS to Cisco ISE, page 3 Device Administration Deployment Settings, page 3 Device Admin Policy Sets,
Configuring Server-Related Pools
Configuring Server-Related Pools Server Pool Configuration, page 1 UUID Suffix Pool Configuration, page 2 Management IP Pool Configuration, page 4 Server Pool Configuration Server Pools Configuring a Server
Configuring TACACS+ Information About TACACS+ Send document comments to CHAPTER
4 CHAPTER This chapter describes how to configure the Terminal Access Controller Access Control System Plus (TACACS+) protocol on NX-OS devices. This chapter includes the following sections: Information
Manage Administrators and Admin Access Policies
Manage Administrators and Admin Access Policies Role-Based Access Control, on page 1 Cisco ISE Administrators, on page 1 Cisco ISE Administrator Groups, on page 3 Administrative Access to Cisco ISE, on
Configuring Authentication, Authorization, and Accounting
Configuring Authentication, Authorization, and Accounting This chapter contains the following sections: Information About AAA, page 1 Prerequisites for Remote AAA, page 5 Guidelines and Limitations for
Implementing Cisco Data Center Unified Computing (DCUCI)
Implementing Cisco Data Center Unified Computing (DCUCI) Number: 642-999 Passing Score: 800 Time Limit: 90 min File Version: 3.0 http://www.gratisexam.com/ Exam Topics Implement C-Series stand alone Implementing
Send document comments to
CHAPTER 8 This chapter describes how to configure Telnet and includes the following topics: Information About the Telnet Server, page 8-1 Prerequisites for Telnet, page 8-1 Guidelines and Limitations,
Configuring LDAP. Finding Feature Information
This chapter describes how to configure the Lightweight Directory Access Protocol (LDAP) on Cisco NX-OS devices. This chapter includes the following sections: Finding Feature Information, page 1 Information
ACS 5.x: LDAP Server Configuration Example
ACS 5.x: LDAP Server Configuration Example Document ID: 113473 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information Directory Service Authentication Using
You can monitor or use SPAN on port channels only for ingress traffic.
This chapter includes the following sections: Traffic Monitoring, page 1 Guidelines and Recommendations for Traffic Monitoring, page 2 Creating an Ethernet Traffic Monitoring Session, page 3 Creating a
Configure ASR9k TACACS with Cisco Secure ACS 5.x Server
Configure ASR9k TACACS with Cisco Secure ACS 5.x Server Contents Introduction Prerequisites Requirements Components Used Configuration Predefined Components on IOS XR Predefined User Groups Predefined
Configuring Switch-Based Authentication
CHAPTER 7 This chapter describes how to configure switch-based authentication on the switch. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. This chapter consists
Cisco NAC Profiler UI User Administration
CHAPTER 14 Topics in this chapter include: Overview, page 14-1 Managing Cisco NAC Profiler Web User Accounts, page 14-2 Enabling RADIUS Authentication for Cisco NAC Profiler User Accounts, page 14-7 Changing
Configuring TACACS+ Finding Feature Information. Prerequisites for TACACS+
Finding Feature Information, page 1 Prerequisites for TACACS+, page 1 Information About TACACS+, page 3 How to Configure TACACS+, page 7 Monitoring TACACS+, page 16 Finding Feature Information Your software
Security. 9.1 User IDs and Security Levels. 9.2 User Privileges and Policies CHAPTER
9 CHAPTER This chapter provides information about Cisco ONS 15454 users and security. To provision security, refer to the Cisco ONS 15454 Procedure Guide. Chapter topics include: 9.1 User IDs and Levels,
UCS Manager Communication Services
Communication Protocols, page 1 Communication Services, page 1 Non-Secure Communication Services, page 3 Secure Communication Services, page 5 Network-Related Communication Services, page 12 Communication
Configuring RADIUS Clients
CHAPTER 8 This chapter describes the following: Overview Adding RADIUS Clients Editing RADIUS Clients Deleting RADIUS Clients Overview Remote Authentication Dial In User Service (RADIUS) is an AAA (authentication,
Configuring Administrator Usernames and Passwords. Information About Configuring Administrator Usernames and Passwords
Configuring Administrator Usernames and Passwords, on page 1 Creating a Lobby Ambassador Account, on page 2 Configuring Guest User Accounts, on page 5 Password Policies, on page 6 Configuring Administrator
Managing WCS User Accounts
7 CHAPTER This chapter describes how to configure global email parameters and manage WCS user accounts. It contains these sections: Adding WCS User Accounts, page 7-2 Viewing or Editing User Information,
Xcalenets Console Setup Guide. Xcalenets Console Setup Guide (Standalone version)
Xcalenets Console Setup Guide Xcalenets Console Setup Guide (Standalone version) 1 Content CONTENT... 2 Getting Started to Xcalenets Console Setup... 3 Account Level Introduction... 3 Login Console Setup...
Globalization of Local Service Profiles
About Globalizing a Local Service Profile, page 1 About Globalizing a VLAN/VSAN, page 8 About Globalizing a Local Service Profile You can globalize Local Service Profiles (LSP) from Cisco UCS Manager into
Configuring the CSS as a Client of a TACACS+ Server
CHAPTER 4 Configuring the CSS as a Client of a TACACS+ Server The Terminal Access Controller Access Control System (TACACS+) protocol provides access control for routers, network access servers (NAS),
Overview. Introducing Cisco UCS Central. This chapter includes the following sections: Introducing Cisco UCS Central, page 1
This chapter includes the following sections: Introducing Cisco UCS Central, page 1 Introducing Cisco UCS Central Cisco UCS Central provides scalable management solution for growing Cisco UCS environment.
Configuring Security for the ML-Series Card
19 CHAPTER Configuring Security for the ML-Series Card This chapter describes the security features of the ML-Series card. This chapter includes the following major sections: Understanding Security, page
Examples of Cisco APE Scenarios
CHAPTER 5 This chapter describes three example scenarios with which to use Cisco APE: Access to Asynchronous Lines, page 5-1 Cisco IOS Shell, page 5-3 Command Authorization, page 5-5 Note For intructions
Recovering a Lost Password
This chapter includes the following sections:, page 1 Password Recovery for the Admin Account The admin account is the system administrator or superuser account. If an administrator loses the password
Managing WCS User Accounts
CHAPTER 7 This chapter describes how to configure global e-mail parameters and manage WCS user accounts. It contains these sections: Adding WCS User Accounts, page 7-1 Viewing or Editing User Information,
Sample Runbooks. Add Service Profile From Template CHAPTER
5 CHAPTER To illustrate how to use the activities that are available as part of this integration pack, a set of sample runbooks is available on the Cisco Developer Network. You can import these sample
Service Profiles. Service Profiles in UCS Manager
in UCS Manager, on page 1 that Override Server Identity, on page 2 that Inherit Server Identity, on page 2 Guidelines and Recommendations for, on page 3 Methods of Creating, on page 3 Inband, on page 7
Management Tools. Management Tools. About the Management GUI. About the CLI. This chapter contains the following sections:
This chapter contains the following sections:, page 1 About the Management GUI, page 1 About the CLI, page 1 User Login Menu Options, page 2 Customizing the GUI and CLI Banners, page 3 REST API, page 3
Migrating Brownfield to Greenfield
Migration of Existing Deployments, page 1 Migration of Existing Deployments When migrating existing local deployments to global deployments, best practices involve using global operational and service
Cisco IOS HTTP Services Command Reference
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
TACACS+ Configuration Mode Commands
Important TACACS Configuration Mode is available in releases 11.0 and later. This chapter describes all commands available in the TACACS+ Configuration Mode. TACACS+ (Terminal Access Controller Access-Control
Configuring Administrator Usernames and Passwords. Information About Configuring Administrator Usernames and Passwords
Configuring Administrator Usernames and Passwords, on page 1 Creating a Lobby Ambassador Account, on page 2 Configuring Guest User Accounts, on page 5 Client Whitelisting, on page 6 Password Policies,
Cisco UCS Director UCS Central Management Guide, Release 6.5
First Published: 2017-07-11 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE
Use Cisco UCS Connectivity Policies to Achieve Strict Administrative Role Delineation
White Paper Use Cisco UCS Connectivity Policies to Achieve Strict Administrative Role Delineation What You Will Learn As more customers deploy and expand their Cisco Unified Computing System (Cisco UCS
Managing GSS User Accounts Through a TACACS+ Server
CHAPTER 4 Managing GSS User Accounts Through a TACACS+ Server This chapter describes how to configure the GSS, primary GSSM, or standby GSSM as a client of a Terminal Access Controller Access Control System
Setting the Management IP Address
Management IP Address, page 1 Configuring the Management IP Address on a Modular Server, page 2 on a Service Profile or Service Profile Template, page 4 Configuring the Management IP Pool, page 5 Management
Change and Configuration Management Administration
CHAPTER 7 Change and Configuration Management Administration These topics provide administrative information on Change and Configuration Management: Configuring Global Settings for Configuration Management,
TACACS Device Access Control with Cisco Active Network Abstraction
TACACS Device Access Control with Cisco Active Network Abstraction Executive Summary Cisco Active Network Abstraction (ANA) is an extensible and scalable product suite that resides between the network
Security Certifications Compliance
, page 1 Enable FIPS Mode, page 2 Enable Common Criteria Mode, page 3 Generate the SSH Host Key, page 3 Configure IPSec Secure Channel, page 4 Configure Static CRL for a Trustpoint, page 9 About the Certificate
Configuring Password Encryption
This chapter describes how to configure password encryption on Cisco NX-OS devices. This chapter includes the following sections: Finding Feature Information, page 1 Information About Password Encryption,
Best Practices: Server Security Hardening
The following sections explain how to enhance server security by eliminating or controlling individual points of security exposure. Disable Insecure Services, on page 1 Disable Root Access, on page 1 Use
Cisco Actualtests Questions & Answers
Cisco Actualtests 642-999 Questions & Answers Number: 642-999 Passing Score: 800 Time Limit: 90 min File Version: 22.8 http://www.gratisexam.com/ Sections 1. Questions 2. Drag & Drop 3. Hot Spot Cisco
Configuring the Management Interface and Security
CHAPTER 5 Configuring the Management Interface and Security Revised: February 15, 2011, Introduction This module describes how to configure the physical management interfaces (ports) as well as the various
Prerequisites for Controlling Switch Access with Terminal Access Controller Access Control System Plus (TACACS+)
Finding Feature Information, page 1 Prerequisites for Controlling Switch Access with Terminal Access Controller Access Control System Plus (TACACS+), page 1 Information About TACACS+, page 3 How to Configure
How to Configure Authentication and Access Control (AAA)
How to Configure Authentication and Access Control (AAA) Overview The Barracuda Web Application Firewall provides features to implement user authentication and access control. You can create a virtual
AAA Authorization and Authentication Cache
AAA Authorization and Authentication Cache First Published: March 16, 2006 Last Updated: March 1, 2006 The AAA Authorization and Authentication Cache feature allows you to cache authorization and authentication
Configuring Management Access
37 CHAPTER This chapter describes how to access the ASA for system management through Telnet, SSH, and HTTPS (using ASDM), how to authenticate and authorize users, how to create login banners, and how
Table of Contents Chapter 1: Migrating NIMS to OMS... 3 Index... 17
Migrating from NIMS to OMS 17.3.2.0 User Guide 7 Dec 2017 Table of Contents Chapter 1: Migrating NIMS to OMS... 3 Before migrating to OMS... 3 Purpose of this migration guide...3 Name changes from NIMS
Configuring Cisco UCS Server Pools and Policies
This chapter contains the following sections: Global Equipment Policies, page 1 UUID Pools, page 3 Server Pools, page 5 Management IP Pool, page 7 Boot Policy, page 8 Local Disk Configuration Policy, page
Configuring SSH and Telnet
This chapter contains the following sections:, page 1 Information About SSH and Telnet SSH Server The Secure Shell Protocol (SSH) server feature enables a SSH client to make a secure, encrypted connection
Control Device Administration Using TACACS+
Device Administration, page 1 Device Administration Work Center, page 3 Data Migration from Cisco Secure ACS to Cisco ISE, page 3 Device Admin Policy Sets, page 3 TACACS+ Authentication Settings, page
Configuring Password Encryption
This chapter describes how to configure password encryption on Cisco NX-OS devices. This chapter includes the following sections: About AES Password Encryption and Master Encryption Keys, page 1 Licensing
Overview of Cisco UCS Manager GUI
Overview of Cisco UCS Manager GUI This chapter includes the following sections: Overview of Cisco UCS Manager GUI, page 1 Logging in to Cisco UCS Manager GUI through HTTPS, page 6 Logging in to Cisco UCS
Managing External Identity Sources
CHAPTER 5 The Cisco Identity Services Engine (Cisco ISE) integrates with external identity sources to validate credentials in user authentication functions, and to retrieve group information and other
Configuring Authorization
Configuring Authorization AAA authorization enables you to limit the services available to a user. When AAA authorization is enabled, the network access server uses information retrieved from the user
Introduction to Cisco UCS Central
Introducing Cisco UCS Central, page 1 Introducing Cisco UCS Central Cisco UCS Central provides scalable management solution for growing Cisco UCS environment. Cisco UCS Central simplifies the management
Configuring Role-Based Access Control
5 CHAPTER This chapter describes how to configure role-based access control (RBAC) on the Cisco 4700 Series Application Control Engine (ACE) appliance. It describes how to create a domain and a user, and
Setting the Management IP Address
This chapter includes the following sections: Management IP Address, page 1 Configuring the Management IP Address on a Blade Server, page 2 Configuring the Management IP Address on a Rack Server, page
Cisco Nexus 1000V for KVM Security Configuration Guide, Release 5.x
Cisco Nexus 1000V for KVM Security Configuration Guide, Release 5.x First Published: August 01, 2014 Last Modified: November 13, 2015 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San
Cisco IOS HTTP Services Command Reference
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
Admin Guide ( Unix System Administration )
Admin Guide ( Unix System Administration ) ProFTPD Server Configuration ProFTPD is a secure and configurable FTP server, written for use on Unix and Unix-like operating systems. ProFTPD is modeled around
Configuring RADIUS and TACACS+
28 CHAPTER The authentication, authorization, and accounting (AAA) mechanism verifies the identity of, grants access to, and tracks the actions of users managing a switch. All Cisco MDS 9000 Family switches
UCS IPv6 Management Configuration Example
UCS IPv6 Management Configuration Example Document ID: 118784 Contributed by Padmanabhan Ramaswamy and Shankar Prasath, Cisco TAC Engineers. Mar 06, 2015 Contents Introduction Prerequisites Requirements