Restricting Switch Access; Group-Based Snmp Access; Creating And Modifying Users - Cisco AP776A - Nexus Converged Network Switch 5020 Configuration Manual

Creating and Modifying Users

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
•

Restricting Switch Access

You can restrict access to a Cisco MDS 9000 Family switch using IP Access Control Lists (IP-ACLs).
SeeChapter 35, "Configuring IPv4 and IPv6 Access Control

Group-Based SNMP Access

Because group is a standard SNMP term used industry-wide, we refer to role(s) as group(s) in this SNMP
Note
section.
SNMP access rights are organized by groups. Each group in SNMP is similar to a role through the CLI.
Each group is defined with three accesses: read access, write access, and notification access. Each access
can be enabled or disabled within each group.
You can begin communicating with the agent once your user name is created, your roles are set up by
your administrator, and you are added to the roles.
Creating and Modifying Users
You can create users or modify existing users using or the CLI.
•
•
A network-operator and network-admin roles are available in a Cisco MDS 9000 Family switch. There
is also a default-role if you want to use the GUI (Fabric Manager and Device Manager). You can also
use any role that is configured in the Common Roles database (see the
section on page
All updates to the CLI security database and the SNMP user database are synchronized. You can use the
Tip
SNMP password to log into either Fabric Manager or Device Manager. However, after you use the CLI
password to log into Fabric Manager or Device Manager, you must use the CLI password for all future
logins. If a user exists in both the SNMP database and the CLI database before upgrading to Cisco MDS
SAN-OS Release 2.0(1b), then the set of roles assigned to the user becomes the union of both sets of
roles after the upgrade.
This section includes the following topics:
•
•
•
•
Cisco MDS 9000 Family CLI Configuration Guide
33-4
If the management station creates an SNMP user in the usmUserTable, the corresponding CLI user
is created without any password (login is disabled) and will have the network-operator role.
SNMP—Create a user as a clone of an existing user in the usmUserTable on the switch. Once you
have created the user, change the cloned secret key before activating the user. Refer to RFC 2574.
CLI—Create a user or modify an existing user using the snmp-server user command.
32-10).
About AES Encryption-Based Privacy, page 33-5
Configuring SNMP Users from the CLI, page 33-5
Enforcing SNMPv3 Message Encryption, page 33-6
Assigning SNMPv3 Users to Multiple Roles, page 33-7
Chapter 33
Lists,".
"Configuring User Accounts"
OL-18084-01, Cisco MDS NX-OS Release 4.x
Configuring SNMP