[j-nsp] logical router user access
Vineet Venugopal
vineet.venugopal at gmail.com
Sun Sep 6 00:16:27 EDT 2009
Hi Yue,
can you check the below configuration under the system login
heirarchy. this should work.
class router-1 {
logical-router r1;
permissions all;
}
user router1 {
uid 2002;
class router-1;
authentication {
encrypted-password
"$1$raarZX86$xI7d4XeudI5BuXwpdl2ev."; ## SECRET-DATA
}
}
I tried connecting to the router using the FXP address and when login
using the username router1 i would directly go into router1
The only caveat is that we cannot configure new interfaces under the
logical-system. For that we would need to configure it through the
global router.
Hope this helps
Thanks
Vineet
On Sun, Sep 6, 2009 at 1:14 AM, Yue Min<smartsuites at gmail.com> wrote:
> logical router is a great feature. however, I have some questions
> about how more efficiently user can access to logical router. here's
> the senario:
>
> r1, r2 , and r3 are three logical router. I want define three classes
> and users, each with full control of its logical router efficiently.
> it means, when r1 user login with its user account, it should see
> these things:
>
> 1. r1 will be able to see only "logical-routers r1" configure, and
> make configure changes only to r1.
> 2. when user r1 get into configure mode, it won't be warned "there's
> other user in configuration mode" if other user is r2 and/or r3, not a
> "global" user.
> 3. r1 should be able to issue command like "ping" "show route" "show
> isis database" etc. without speicifying logical router name.
>
> anyone has a good sample to do this? thanks.
>
> Min
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
---Vineet
More information about the juniper-nsp
mailing list