[j-nsp] logical router user access

Vineet Venugopal vineet.venugopal at gmail.com
Sun Sep 6 00:16:27 EDT 2009


Hi Yue,

can you check the below configuration under the system login
heirarchy. this should work.

        class router-1 {
            logical-router r1;
            permissions all;
        }

        user router1 {
            uid 2002;
            class router-1;
            authentication {
                encrypted-password
"$1$raarZX86$xI7d4XeudI5BuXwpdl2ev."; ## SECRET-DATA
            }
        }

I tried connecting to the router using the FXP address and when login
using the username router1 i would directly go into router1

The only caveat is that we cannot configure new interfaces under the
logical-system. For that we would need to configure it through the
global router.

Hope this helps

Thanks
Vineet

On Sun, Sep 6, 2009 at 1:14 AM, Yue Min<smartsuites at gmail.com> wrote:
> logical router is a great feature. however, I have some questions
> about how more efficiently user can access to logical router. here's
> the senario:
>
> r1, r2 , and r3 are three logical router. I want define three classes
> and users, each with full control of its logical router efficiently.
> it means, when r1 user login with its user account, it should see
> these things:
>
> 1. r1 will be able to see only "logical-routers r1" configure, and
> make configure changes only to r1.
> 2. when user r1 get into configure mode, it won't be warned "there's
> other user in configuration mode" if other user is r2 and/or r3, not a
> "global" user.
> 3. r1 should be able to issue command like "ping" "show route" "show
> isis database" etc. without speicifying logical router name.
>
> anyone has a good sample to do this? thanks.
>
> Min
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>



-- 
  ---Vineet


More information about the juniper-nsp mailing list