admin

Description                                                    Configure an admin account for management access to the ACOS device.

Syntax                                                                  [no] admin admin-username [password string]

Replace admin-username with the user name of an admin (1-31 characters).

This command changes the CLI to the configuration level for the specified admin account, where the following admin-related commands are available:

Command

Description

access {cli | web | axapi}

Specifies the management interfaces through which the admin is allowed to access the ACOS device.

By default, access is allowed through the CLI, GUI, and aXAPI.

disable

Disables the admin account.

By default, admin accounts are enabled when they are added.

enable

Enables the admin account.

By default, admin accounts are enabled when they are added.

password string

Sets the password, 1-63 characters. Passwords are case sensitive and can contain special characters. (For more information, see Special Character Support in Strings.)

The default password is “a10”. It applies to the “admin” account and to any admin account you configure without configuring a password for the account.

privilege {read | write | partition-enable-disable partition-name | partition-read partition-name | partition-write partition-name}

Sets the privilege level for the account:

  read – The admin can access the User EXEC and Privileged EXEC levels of the CLI only.

  write – The admin can access all levels of the CLI.

  partition-read – The admin has read-only privileges within the L3V partition to which the admin is assigned, and read-only privileges for the shared partition.

  partition-write – The admin has read-write privileges within the L3V partition to which the admin is assigned. The admin has read-only privileges for the shared partition.

  partition-enable-disable – The admin has read-only privileges for real servers, with permission to view service port statistics and to disable or re-enable the servers and their service ports. No other read-only or read-write privileges are granted.

  partition-name – The name of the L3V partition to which the admin is assigned. This option applies only to admins that have privilege level partition-read, partition-write, or partition-enable-disable.

NOTE: L3V partitions are used in Application Delivery Partitioning (ADP). For information, see the Configuring Application Delivery Partitions guide.

The default privilege is read.

ssh-pubkey options

Manage public key authentication for the admin.

ssh-pubkey import url

Imports the public key onto the ACOS device.

The url specifies the file transfer protocol, username (if required), and directory path.

You can enter the entire URL on the command line or press Enter to display a prompt for each part of the URL. If you enter the entire URL and a password is required, you will still be prompted for the password. The password can be up to 255 characters long.

To enter the entire URL:

  tftp://host/file

  ftp://[user@]host[:port]/file

  scp://[user@]host/file

  sftp://[user@]host/file

ssh-pubkey delete num 

Deletes a public key. The num option specifies the key number on the ACOS device. The key numbers are displayed along with the keys themselves by the ssh-pubkey list command. (See below.)

ssh-pubkey list

Verifies installation of the public key.

trusted-host {ipaddr {subnet-mask | /mask-length} | access-list acl-id}

Specifies the host or subnet address from which the admin is allowed to log onto the ACOS device. The trusted host can be either a single host (specified with the IP address and subnet mask), or a configured access control list (ACL) on your system.

The default trusted host is 0.0.0.0/0, which allows access from any host or subnet.

unlock

Unlocks the account. Use this option if the admin has been locked out due to too many login attempts with an incorrect password. (To configure lockout parameters, see admin-lockout.)

Default                                                                The system has a default admin account, with username “admin” and password “a10”. The default admin account has write privilege and can log on from any host or subnet address.

Other defaults are described in the descriptions above.

Mode                                                                   Configuration mode

Usage                                                                  An additional session is reserved for the “admin” account to ensure access. If the maximum number of concurrent open sessions is reached, the “admin” admin can still log in using the reserved session. This reserved session is available only to the “admin” account.

Example                                                            The following commands add admin “adminuser1” with password “1234”:

ACOS(config)#admin adminuser1

ACOS(config-admin:adminuser1)#password 1234

 

Example                                                            The following commands add admin “adminuser3” with password “abcdefgh” and write privilege, and restrict login access to the 10.10.10.x subnet only:

ACOS(config)#admin adminuser3

ACOS(config-admin:adminuser3)#password abcdefgh

ACOS(config-admin:adminuser3)#privilege write

ACOS(config-admin:adminuser3)#trusted-host 10.10.10.0 /24

 

Example                                                            The following commands configure an admin account for a private partition:

ACOS(config)#admin compAadmin password compApwd

ACOS(config-admin:compAadmin)#privilege partition-write companyA

Modify Admin User successful !

 

Example                                                            The following commands deny management access by admin “admin2” using the CLI or aXAPI:

ACOS(config)#admin admin2

ACOS(config-admin:admin2)#no access cli

ACOS(config-admin:admin2)#no access axapi

 

Example                                                            The following commands add admin “admin4” with password “examplepassword” and default privileges, and restrict login access as defined by access list 2. The show output confirms that “ACL 2” is the trusted host:

ACOS(config)#admin admin4 password examplepassword

ACOS(config-admin)#trusted-host access-list 2

Modify Admin User successful!

ACOS(config-admin)#show admin admin4 detail

 User Name             ...... admin4

 Status                ...... Enabled

 Privilege             ...... R

 Partition             ......

 Access type           ...... cli web axapi

 GUI role              ...... ReadOnlyAdmin

 Trusted Host(Netmask) ...... ACL 2

 Lock Status           ...... No

 Lock Time             ......

 Unlock Time           ......

 Password Type         ...... Encrypted

 Password              ...... $1$492b642f$/XuVOTmSOUskpvZsds5Xy0
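
Added example (not part of the ACOS documentation): a Python check that parses "show admin <name> detail" output in the layout shown above and reports an enabled account that still has the permissive defaults this page describes. The sample output is constructed, and the way an unrestricted trusted host is displayed (a value beginning with 0.0.0.0) is an assumption, since the page only shows the ACL case.

```python
import re

# Constructed sample in the layout of the page's "show admin <name> detail"
# output; the account name and all values are made up for illustration.
SAMPLE = """\
 User Name             ...... opsadmin
 Status                ...... Enabled
 Privilege             ...... R
 Partition             ......
 Access type           ...... cli web axapi
 GUI role              ...... ReadOnlyAdmin
 Trusted Host(Netmask) ...... 0.0.0.0(0.0.0.0)
 Lock Status           ...... No
 Password Type         ...... Encrypted
 Password              ...... $1$00000000$CONSTRUCTEDplaceholder
"""

# "Field name", a run of six dots, then an optional value.
FIELD = re.compile(r"^\s*(.+?)\s+\.{6}\s*(.*?)\s*$")

def parse_admin_detail(text):
    """Turn 'Name ...... value' lines into a dict; empty values become ''."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def audit_admin(fields):
    """Return findings for an enabled account left on permissive defaults."""
    findings = []
    if fields.get("Status") != "Enabled":
        return findings  # a disabled account cannot log in
    trusted = fields.get("Trusted Host(Netmask)", "")
    # Assumption: an unrestricted trusted host is displayed starting with 0.0.0.0
    if trusted.startswith("0.0.0.0"):
        findings.append("trusted-host is unrestricted (any source address)")
    access = set(fields.get("Access type", "").split())
    if {"cli", "web", "axapi"} <= access:
        findings.append("all three management interfaces are enabled")
    # "$1$" is the MD5-crypt identifier in crypt(3) hash strings
    if fields.get("Password", "").startswith("$1$"):
        findings.append("password hash uses MD5-crypt ($1$); keep show output private")
    return findings
```

Run against the admin4 output above, the check does not raise the trusted-host finding, because access is limited by ACL 2.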

 
