
Working with Router Users

User accounts are required on a router in order to log in. These accounts can be stored in a local database on the router or on a central access server named Terminal Access Controller Access-Control System (TACACS), which is an industry-standard authentication server.

Most small organizations and even some larger ones rely on the local database for user authentication; this is the user creation option described here.

To use the local database for authentication, you need to follow these two steps:

  1. Create at least one user account.

  2. Configure your router to use the local database rather than a password, which is done on an interface basis.

Creating a user in the account database

To create a user in the account database, use a command like the following to specify the username and password:

Router2>enable
Password:
Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#username remoteuser password remotepass
Router2(config)#username edt password edpass
Router2(config)#exit

Removing a user

To remove a user, you can use the standard no command and then specify the username. The following command removes the user named remoteuser from the local database.

Router2>enable
Password:
Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#no username remoteuser
Router2(config)#exit

Enable user-level protection

Finally, you need to enable the login local setting on the interfaces you want to protect with this user-level protection, using a command similar to the following:

Router2>enable
Password:
Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#line aux 0
Router2(config-line)#login local
Router2(config-line)#exit
Router2(config)#exit

Showing connected users

At times, you will want to find out who is connected to your router and performing management operations. You can easily do so using the show users command. Here is an example of the output:

Router2>enable
Password:
Router2#show users all
    Line       User       Host(s)              Idle       Location
*  0 con 0                idle                 00:00:00
  65 aux 0                                     00:00:00
  66 vty 0                idle                 00:02:01 192.168.1.3
  67 vty 1                                     00:00:00
  68 vty 2                                     00:00:00
  69 vty 3                                     00:00:00
  70 vty 4                                     00:00:00
  71 vty 5     remoteuser idle                 00:01:05 192.168.1.137
  Interface    User               Mode         Idle     Peer Address

One line, listed with an asterisk, identifies the connection from which you ran the command. In addition, connections that do not show a user in the User column, such as vty 0, represent connections where a password was used for authentication, whereas the connection on vty 5 was made with user authentication. Forcing systems to use user-based authentication lets you see who is connected to the management interfaces.
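To check which management lines will report a user name, you can audit a saved configuration for the login local setting. The following Python script is an added example, not part of the original article; the sample configuration, the line passwords, and the function names audit_config and findings are constructed for illustration.

```python
import re

# Constructed sample config (not from the article). It mirrors the article's
# commands: two local users, with "login local" on aux 0 and vty 5 only.
SAMPLE_CONFIG = """\
hostname Router2
username remoteuser password remotepass
username edt password edpass
!
line con 0
 password conpass
 login
line aux 0
 login local
line vty 0 4
 password vtypass
 login
line vty 5
 login local
!
end
"""

MODES = {"login local": "local-users", "login": "shared-password",
         "no login": "no-authentication"}

def audit_config(text):
    """Return (local_users, {line_name: auth_mode}) for an IOS-style config."""
    users, lines, current = [], {}, None
    for raw in text.splitlines():
        if m := re.match(r"username (\S+) ", raw):
            users.append(m.group(1))
            current = None
        elif m := re.match(r"line (.+)", raw):
            current = m.group(1).strip()
            lines[current] = "unspecified"   # no login command seen yet
        elif current and raw.startswith(" "):
            # Sub-command of the current line block; record login settings.
            lines[current] = MODES.get(raw.strip(), lines[current])
        else:
            current = None                   # left the line block
    return users, lines

def findings(text):
    """List lines without user-level protection, plus a missing-user check."""
    users, lines = audit_config(text)
    out = [f"line {name}: {mode} (login local not set)"
           for name, mode in lines.items() if mode != "local-users"]
    if not users and "local-users" in lines.values():
        out.append("login local is set but no username is defined")
    return out
```

Calling findings(SAMPLE_CONFIG) reports con 0 and vty 0 4, the lines whose sessions would appear in show users without a name in the User column.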
