Cisco Cisco ASR 5700
Command Line Interface Overview
▀ CLI Administrative Users
▄ Command Line Interface Reference, StarOS Release 17
128
The NAS is defined as a client-side requesting component associated with a specific IP address. StarOS only supports
one NAS with one IP address. This NAS processes TACACS+ protocol packets within the local context. Several
management services may be associated with a login.
one NAS with one IP address. This NAS processes TACACS+ protocol packets within the local context. Several
management services may be associated with a login.
StarOS only supports multiple-connection mode with a TACACS+ server. In a multiple-connection mode, each
TACACS+ session opens and maintains a separate and private TCP connection to the server. When the session ends,
this connection is always closed.
TACACS+ session opens and maintains a separate and private TCP connection to the server. When the session ends,
this connection is always closed.
TACACS+ users and their passwords are defined and stored on the TACACS+ server. They are stored in a persistent
space and are always known to the server while the server is running. The users are not directly known to the NAS.
space and are always known to the server while the server is running. The users are not directly known to the NAS.
Administrative User Privileges
Regardless of the administrative user type, the system supports four user privilege levels:
Inspector: Inspectors are limited to a small number of read-only Exec Mode commands. The bulk of these are
show commands for viewing a variety of statistics and conditions. The Inspector cannot execute show
configuration commands and does not have the privilege to enter the Config Mode.
configuration commands and does not have the privilege to enter the Config Mode.
Operator: Operators have read-only privileges to a larger subset of the Exec Mode commands. They can
execute all commands that are part of the inspector mode, plus some system monitoring, statistic, and fault
management functions. Operators do not have the ability to enter the Config Mode.
management functions. Operators do not have the ability to enter the Config Mode.
Administrator: Administrators have read-write privileges and can execute any command in the CLI except for a
few security-related commands that can only be configured by Security Administrators. Administrators can
configure or modify system settings and can execute all system commands, including those available to the
Operators and Inspectors.
configure or modify system settings and can execute all system commands, including those available to the
Operators and Inspectors.
Security Administrator: Security Administrators have read-write privileges and can execute all CLI commands,
including those available to Administrators, Operators, and Inspectors.
The following figure represents how user privileges are defined in the CLI configuration modes.
Figure 1.
User Privileges
Though the privilege levels are the same regardless of user type, the corresponding user type names differ slightly. The
following table displays the privilege level to administrative user type mappings:
following table displays the privilege level to administrative user type mappings: