U Commands
This chapter describes the Cisco NX-OS security commands that begin with U.
use-vrf
To specify a virtual routing and forwarding (VRF) instance for a RADIUS or TACACS+ server group, use the use-vrf command. To remove the VRF instance, use the no form of this command.
use-vrf {vrf-name | default | management}
no use-vrf {vrf-name | default | management}
Syntax Description
vrf-name | VRF instance name. The name is case sensitive and can be a maximum of 32 alphanumeric characters.
default | Specifies the default VRF.
management | Specifies the management VRF.
Command Default
None
Command Modes
RADIUS server group configuration mode
TACACS+ server group configuration mode
Command History
Release | Modification
5.2(1)N1(1) | This command was introduced.
Usage Guidelines
You can configure only one VRF instance for a server group.
Use the aaa group server radius command to enter RADIUS server group configuration mode or the aaa group server tacacs+ command to enter TACACS+ server group configuration mode.
If the server is not found, use the radius-server host command or tacacs-server host command to configure the server.
You must use the feature tacacs+ command before you configure TACACS+.
Examples
This example shows how to specify a VRF instance for a RADIUS server group:
switch(config)# aaa group server radius RadServer
switch(config-radius)# use-vrf management
This example shows how to specify a VRF instance for a TACACS+ server group:
switch(config)# aaa group server tacacs+ TacServer
switch(config-tacacs+)# use-vrf management
This example shows how to remove the VRF instance from a TACACS+ server group:
switch(config)# aaa group server tacacs+ TacServer
switch(config-tacacs+)# no use-vrf management
Related Commands
Command | Description
aaa group server | Configures AAA server groups.
feature tacacs+ | Enables TACACS+.
radius-server host | Configures a RADIUS server.
show radius-server groups | Displays RADIUS server information.
show tacacs-server groups | Displays TACACS+ server information.
tacacs-server host | Configures a TACACS+ server.
vrf | Configures a VRF instance.
username
To create and configure a user account, use the username command. To remove a user account, use the no form of this command.
username user-id [expire date] [password {0 | 5} password] [role role-name] [priv-lvl level]
username user-id sshkey {key | filename filename}
no username user-id
Syntax Description
user-id | User identifier for the user account. The user-id argument is a case-sensitive, alphanumeric character string with a maximum length of 28 characters.
Note: The Cisco NX-OS software does not allow the "#" and "@" characters in the user-id argument text string.
expire date | (Optional) Specifies the expiration date for the user account. The format for the date argument is YYYY-MM-DD.
password | (Optional) Specifies a password for the account. The default is no password.
0 | Specifies that the password that follows should be in clear text. This is the default mode.
5 | Specifies that the password that follows should be encrypted.
password | Password for the user (clear text). The password can be a maximum of 64 characters.
Note: Clear text passwords cannot contain dollar signs ($) or spaces anywhere in the password. Also, they cannot include these special characters at the beginning of the password: quotation marks (" or `), vertical bars (|), or right angle brackets (>).
role role-name | (Optional) Specifies the role to which the user is assigned. Valid values are as follows:
• default-role—User role
• network-admin—System configured role
• network-operator—System configured role
• priv-0—Privilege role
• priv-1—Privilege role
• priv-2—Privilege role
• priv-3—Privilege role
• priv-4—Privilege role
• priv-5—Privilege role
• priv-6—Privilege role
• priv-7—Privilege role
• priv-8—Privilege role
• priv-9—Privilege role
• priv-10—Privilege role
• priv-11—Privilege role
• priv-12—Privilege role
• priv-13—Privilege role
• priv-14—Privilege role
• priv-15—Privilege role
• vdc-admin—System configured role
• vdc-operator—System configured role
priv-lvl level | (Optional) Specifies the privilege level to assign the user. Valid values are from 0 to 15.
sshkey | (Optional) Specifies an SSH key for the user account.
key | SSH key string.
filename filename | Specifies the name of a file that contains the SSH key string.
Command Default
No expiration date, password, or SSH key.
Command Modes
Global configuration mode
Command History
Release | Modification
5.2(1)N1(1) | This command was introduced.
Usage Guidelines
The switch accepts only strong passwords. The characteristics of a strong password include the following:
• At least eight characters long
• Does not contain many consecutive characters (such as "abcd")
• Does not contain many repeating characters (such as "aaabbb")
• Does not contain dictionary words
• Does not contain proper names
• Contains both uppercase and lowercase characters
• Contains numbers
Caution: If you do not specify a password for the user account, the user might not be able to log in to the account.
To see the priv-lvl keyword, you must first enable the cumulative privilege roles for the TACACS+ server by using the feature privilege command.
Examples
This example shows how to create a user account with a password:
switch(config)# username user1 password Ci5co321
This example shows how to configure the SSH key for a user account:
switch(config)# username user1 sshkey file bootflash:key_file
This example shows how to configure the privilege level for a user account:
switch(config)# username user1 priv-lvl 15
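The following Python sketch is an added example, not part of the Cisco documentation. It checks a username command against the limits in the syntax description and usage guidelines above before the command is pushed to a switch. The function names audit_username and check_password, the finding messages, and the sample line are assumptions made for this example.

```python
import re

ROLES = {"default-role", "network-admin", "network-operator",
         "vdc-admin", "vdc-operator"} | {f"priv-{n}" for n in range(16)}
KEYWORDS = {"expire", "password", "role", "priv-lvl"}

def check_password(pw, ptype):
    """Check a type 0 password; dictionary and repetition rules are skipped."""
    if ptype == "5":
        return []  # an encrypted string cannot be inspected
    rules = [(len(pw) > 64, "is longer than 64 characters"),
             ("$" in pw or pw[0] in "\"`|>", "uses a character the CLI rejects"),
             (len(pw) < 8, "is shorter than eight characters"),
             (pw in (pw.lower(), pw.upper()), "lacks mixed case"),
             (not any(c.isdigit() for c in pw), "has no number")]
    return ["password is given in clear text"] + [
        f"password {msg}" for bad, msg in rules if bad]

def audit_username(line):
    """Return findings for one 'username ...' command (empty list = clean)."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "username":
        return ["not a username command"]
    uid, args, out = tok[1], tok[2:], []
    if len(uid) > 28 or "#" in uid or "@" in uid:
        out.append("invalid user-id")
    if args[:1] == ["sshkey"]:
        return out  # key form carries no password options
    if "password" not in args:
        out.append("no password specified")
    i = 0
    while i < len(args) - 1:
        kw, val = args[i], args[i + 1]
        if kw == "password":
            # A leading 0 or 5 is the type; without it the default is clear text.
            typed = val in ("0", "5") and i + 2 < len(args) and args[i + 2] not in KEYWORDS
            ptype, val, i = (val, args[i + 2], i + 1) if typed else ("0", val, i)
            out += check_password(val, ptype)
        elif kw == "expire" and not re.fullmatch(r"\d{4}-\d{2}-\d{2}", val):
            out.append("expire date is not YYYY-MM-DD")
        elif kw == "role" and val not in ROLES:
            out.append(f"unknown role {val}")
        elif kw == "priv-lvl" and not (val.isdecimal() and int(val) <= 15):
            out.append("priv-lvl outside 0-15")
        i += 2
    return out

if __name__ == "__main__":  # constructed sample line, not from a real device
    print(audit_username("username ops@1 password 0 abc$ role netadmin priv-lvl 16"))
```

An empty list means the command passed every check implemented here; the dictionary-word, proper-name, and repeated-character rules still need a separate check.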
Related Commands
Command | Description
feature privilege | Enables the cumulative privilege of roles for command authorization on TACACS+ servers.
show privilege | Displays the current privilege level, username, and status of cumulative privilege support for a user.
show user-account | Displays the user account configuration.