Cisco Systems ASR 9000 User Manual

FINAL DRAFT — Cisco Confidential
Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide
OL-17502-01
Chapter 3      Configuring General Router Features
Logging In to a Router
For example, the following prompt indicates that the CLI commands are executed on the RP in rack 0, 
slot RSP0, by the “CPU0” module on a router named “router”:
RP/0/RSP0/CPU0:router# 
User Access Privileges
When you log in to the router, your username and password are used to determine if you are authorized 
to access the router. After you successfully log in, your username is used to determine which commands 
you are allowed to use. The following sections provide information on how the router determines which 
commands you can use:
User Groups, Task Groups, and Task IDs
The Cisco IOS XR software ensures security by combining tasks a user wants to perform (task IDs) into 
groups, defining which router configuration and management functions users can perform. This policy 
is enabled by the definition of:
  • User groups—A collection of users that share similar authorization rights on a router.
  • Task groups—Defined by a collection of task IDs for each class of action.
  • Task IDs—Define permission to perform particular tasks; pooled into a task group that is then 
    assigned to users.
The commands each user can perform are defined by the user groups to which he or she belongs. 
Commands for a particular feature, like access control lists, are assigned to tasks. Each task is uniquely 
identified by a task ID. If a user wants to use a particular command, his or her username must be 
associated with the appropriate task ID. The association between a username and a task ID takes place 
through two intermediate entities, the user group and task group.
The user group is a logical container used to assign the same task IDs to multiple users. Instead of 
assigning task IDs to each user, assign them to the user group. Then assign users to that user group. When 
a task is assigned to a user group, define the access rights for the commands associated with that task. 
These rights include “read,” “write,” “execute,” and “notify.”
The task group is also a logical container, but it groups tasks. Instead of assigning task IDs to each user 
group, you assign them to a task group. This allows you to quickly enable access to a specific set of tasks 
by assigning a task group to a user group. Users are not assigned to groups by default and must be 
explicitly assigned by an administrator. 
Note
Only root-system users (root-lr users) or users associated with the WRITE:AAA task ID can configure 
task groups.
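
The following is an added example, not part of the Cisco guide: a small audit script that follows the user, user group, task group, task ID chain described above and reports which accounts can configure task groups per the note. The sample configuration and all names in it are constructed, its stanza layout is assumed to follow IOS XR running-config style, and group inheritance and the task IDs of predefined groups are not modeled.

```python
import re
from collections import defaultdict

# Constructed sample in IOS XR running-config style; every name here is made up.
SAMPLE = """\
taskgroup ACL-OPS
 task write acl
!
taskgroup AAA-ADMIN
 task write aaa
!
usergroup NOC
 taskgroup ACL-OPS
!
usergroup SEC
 taskgroup AAA-ADMIN
!
username alice
 group NOC
!
username bob
 group NOC
 group SEC
!
username carol
 group root-lr
"""
ROOT_GROUPS = {"root-system", "root-lr"}  # root users named in the guide's note
CHILD = {"taskgroup": r"^ task (\w+) (\S+)$",  # access right + task ID
         "usergroup": r"^ taskgroup (\S+)$",   # task group given to a user group
         "username": r"^ group (\S+)$"}        # user group a user is assigned to

def parse(config):
    """Map each stanza kind to {name: set of rights or group names}."""
    db = {kind: defaultdict(set) for kind in CHILD}
    for m in re.finditer(r"^(taskgroup|usergroup|username) (\S+)\n((?: .*\n?)*)", config, re.M):
        kind, name, body = m.groups()
        db[kind][name].update(":".join(c.groups()).upper() if kind == "taskgroup" else c[1]
                              for c in re.finditer(CHILD[kind], body, re.M))
    return db

def effective_rights(db, user):
    """Follow user -> user groups -> task groups -> task IDs."""
    return {right for g in db["username"].get(user, ())
            for t in db["usergroup"].get(g, ()) for right in db["taskgroup"].get(t, ())}

def can_configure_task_groups(db, user):
    """True for root users and for anyone whose rights include WRITE:AAA."""
    groups = db["username"].get(user, set())
    return bool(groups & ROOT_GROUPS) or "WRITE:AAA" in effective_rights(db, user)
```

Running `can_configure_task_groups` over every name in `parse(SAMPLE)["username"]` gives a review list of accounts that can change the authorization model itself.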