Working with Router Users

User accounts are required on a router in order to log in. These accounts can be stored in a local database on the router or on a central access server named Terminal Access Controller Access-Control System (TACACS), which is an industry-standard authentication server.

Most small organizations and even some larger ones rely on the local database for user authentication, this is the user creation option described.

To use the local database for authentication, you need to follow these two steps:

1. Create at least one user account.

2. Configure your router to use the local database rather than a password, which is done on an interface basis.

Creating a user in the account database

To create a user in the account database, use a command like the following to specify the username and password:

Router2>enable
Password:
Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#username remoteuser password remotepass
Router2(config)#username edt password edpass
Router2(config)#exit

Removing a user

To remove a user, you can use the standard no command and then specify the username in the same way that following the command removes the user named remoteuser from the local database.

Router2>enable
Password:
Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#no username remoteuser
Router2(config)#exit

Enable user-level protection

Finally, you need to enable the login local setting on the interfaces you want to protect with this user-level protection, using a command similar to the following:

Router2>enable
Password:
Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#line aux 0
Router2(config-line)#login local
Router2(config-line)#exit
Router2(config)#exit

Showing connected users

At times, you will want to find out who is connected to your router and performing management operations. You can easily do so using the show users command. Here is an example of the output:

Router2>enable
Password:
Router2#show users all
    Line       User       Host(s)              Idle       Location
*  0 con 0                idle                 00:00:00
  65 aux 0                                     00:00:00
  66 vty 0                idle                 00:02:01 192.168.1.3
  67 vty 1                                     00:00:00
  68 vty 2                                     00:00:00
  69 vty 3                                     00:00:00
  70 vty 4                                     00:00:00
  71 vty 5     remoteuser idle                 00:01:05 192.168.1.137
  Interface    User               Mode         Idle     Peer Address

One line, listed with an asterisk, identifies the connection from which you ran the command. In addition, connections that do not show a user in the User column, such as vty 0, represent connections where a password was used for authentication, whereas the connection on vty 5 was made with user authentication. Forcing systems to use user-based authentication lets you see who is connected to the management interfaces.

Cloud Computing Glossary

cloud computing

A networking solution in which everything — from computing power to computing infrastructure, applications, business processes to personal collaboration — is delivered as a service wherever and whenever you need.

Cloud Computing Glossary

cloud service

The delivery of software, infrastructure, or storage that has been packaged so it can be automated and delivered to customers in a consistent and repeatable manner.

Cloud Computing Glossary

deprovision

The release of cloud services that are no longer needed.

Cloud Computing Glossary

federating

Linking distributed resources together over the cloud.

Cloud Computing Glossary

hypervisor

An operating system that acts as a traffic cop, managing the various virtualization tasks in the cloud to ensure that they make things happen in an orderly manner.

Cloud Computing Glossary

multi-tenancy

The sharing of underlying resources by multiple companies over a cloud.

Cloud Computing Glossary

network attached store

Storage that has its own network address through which it is accessed by the network's workstation users. Acronym: NAS

Cloud Computing Glossary

service level agreement

A contract that stipulates the type of service you need from providers and what type of penalties would result from an unexpected business interruption. Acronym: SLA

Cloud Computing Glossary

solution stack

An integrated set of software that provides everything a developer needs to build an application.

Cloud Computing Glossary

storage area network

A storage systems that is flexible and scalable because it's available to multiple hosts at the same time. Acronym: SAN

Cloud Computing Glossary

vertical industry groups

Workgroups comprised of members from a particular industry such as technology and retail.

Cloud Computing Glossary

virtual memory

The portion of your hard drive that Windows uses to expand the available RAM

Cloud Computing Glossary

virtualization

Using computer resources to imitate other computer resources or whole computers to maximize performance and flexibility.