One of the most challenging problems in managing a large data center is the complexity of security administration. Role-based access control (RBAC) allows you to determine the commands and resources available to each user. In RBAC, users are associated with roles and rules. User roles determine a user’s privileges, and a rule defines what operations the role allows the user to perform.
You can create and manage user accounts and assign roles that limit access to operations on the Cisco NX-OS device. RBAC allows you to define the rules for an assigned role that restricts the authorization that the user has to access management operations.
You can configure up to a maximum of 256 user accounts. By default, the user account does not expire unless you explicitly configure it to expire. The expire option determines the date when the user account is disabled. For Nexus 7000 Series with virtual device context (VDC), users can have user accounts on multiple VDCs. These users can move between VDCs after an initial connection to a VDC. The Cisco NX-OS software provides two default user accounts: admin and admin backup.
Note: The following words are reserved and cannot be used to configure users: bin, daemon, adm, lp, sync, shutdown, halt, mail, news, uucp, operator, games, gopher, ftp, nobody, nscd, mailnull, root, rpc, rpcuser, xfs, gdm, mtsuser, ftpuser, man, and sys.
Note: The Cisco NX-OS software does not support all-numeric usernames, whether created with TACACS+ or RADIUS, or created locally. Local users with all-numeric names cannot be created. If an all-numeric username exists on the AAA server and is entered during login, the user is not logged in.
Note: Usernames must begin with an alphanumeric character and can contain only these special characters: ( + = . _ \ -). The # and ! symbols are not supported. If the username contains characters that are not allowed, the specified user is unable to log in.
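The three notes above together define what a locally valid NX-OS username looks like: not a reserved word, not all-numeric, a leading alphanumeric character, and only the listed special characters afterwards. The following pre-flight checker is an added example (not Cisco code and not part of the original page) that applies exactly those rules to a constructed list of proposed account names before they are pushed to a device, so that a provisioning pipeline rejects names that would be created but could never log in. The reserved-word list, the character set and the 256-account ceiling are taken from the text; the function names and the sample list are assumptions of this example. The reserved-word comparison is exact (lowercase), as listed on the page.

```python
import re

# Reserved words from the Cisco NX-OS documentation; these cannot be user names.
RESERVED_USERNAMES = frozenset({
    "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "news",
    "uucp", "operator", "games", "gopher", "ftp", "nobody", "nscd", "mailnull",
    "root", "rpc", "rpcuser", "xfs", "gdm", "mtsuser", "ftpuser", "man", "sys",
})

# Maximum number of local user accounts stated in the documentation.
MAX_LOCAL_ACCOUNTS = 256

# First character must be alphanumeric; the rest may be alphanumeric or one of
# the permitted specials  + = . _ \ -  ("#" and "!" are explicitly unsupported).
_USERNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9+=._\\-]*$")


def check_username(name: str) -> tuple[bool, str]:
    """Return (is_valid, reason) for a proposed NX-OS local username."""
    if not name:
        return False, "empty username"
    if name in RESERVED_USERNAMES:
        return False, f"'{name}' is a reserved word"
    if not _USERNAME_RE.fullmatch(name):
        return False, (f"'{name}' must start with an alphanumeric character and "
                       "may contain only letters, digits and + = . _ \\ -")
    if name.isdigit():
        # Matches the character rule but is all-numeric: NX-OS will not log it in.
        return False, f"'{name}' is all-numeric, which NX-OS does not support"
    return True, "ok"


def audit_accounts(proposed: list[str]) -> dict:
    """Audit a batch of proposed usernames against the documented constraints.

    Returns a dict with the invalid names mapped to their reason, and a flag
    telling whether the batch exceeds the 256 local-account limit.
    """
    invalid = {}
    for name in proposed:
        ok, reason = check_username(name)
        if not ok:
            invalid[name] = reason
    return {
        "invalid": invalid,
        "over_limit": len(proposed) > MAX_LOCAL_ACCOUNTS,
    }


# Constructed sample batch (hypothetical names, not from the page).
SAMPLE_ACCOUNTS = [
    "admin",          # valid: default account name, not in the reserved list
    "netops1",        # valid
    "root",           # reserved word
    "12345",          # all-numeric
    "_svc",           # does not begin with an alphanumeric character
    "ops#1",          # '#' is not supported
    "ops.backup-2",   # valid: '.' and '-' are permitted
    "a\\b",           # valid: '\' is permitted
]

if __name__ == "__main__":
    report = audit_accounts(SAMPLE_ACCOUNTS)
    for bad, why in report["invalid"].items():
        print(f"REJECT {bad}: {why}")
    print("over 256-account limit:", report["over_limit"])
```

Running the checker on the sample batch rejects root, 12345, _svc and ops#1 and accepts the rest; running it once per VDC is the natural place to plug it in, since on a Nexus 7000 an account may exist on several VDCs and each copy is subject to the same rules.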