[j-nsp] logical router user access

Yue Min smartsuites at gmail.com
Sun Sep 6 01:47:27 EDT 2009


Thanks Vineet. This is the config I'm currently using. It's good for
3, but not 1 and 2. :)

On 9/5/09, Vineet Venugopal <vineet.venugopal at gmail.com> wrote:
> Hi Yue,
>
> can you check the below configuration under the system login
> heirarchy. this should work.
>
>         class router-1 {
>             logical-router r1;
>             permissions all;
>         }
>
>         user router1 {
>             uid 2002;
>             class router-1;
>             authentication {
>                 encrypted-password
> "$1$raarZX86$xI7d4XeudI5BuXwpdl2ev."; ## SECRET-DATA
>             }
>         }
>
> I tried connecting to the router using the FXP address and when login
> using the username router1 i would directly go into router1
>
> The only caveat is that we cannot configure new interfaces under the
> logical-system. For that we would need to configure it through the
> global router.
>
> Hope this helps
>
> Thanks
> Vineet
>
> On Sun, Sep 6, 2009 at 1:14 AM, Yue Min<smartsuites at gmail.com> wrote:
>> logical router is a great feature. however, I have some questions
>> about how more efficiently user can access to logical router. here's
>> the senario:
>>
>> r1, r2 , and r3 are three logical router. I want define three classes
>> and users, each with full control of its logical router efficiently.
>> it means, when r1 user login with its user account, it should see
>> these things:
>>
>> 1. r1 will be able to see only "logical-routers r1" configure, and
>> make configure changes only to r1.
>> 2. when user r1 get into configure mode, it won't be warned "there's
>> other user in configuration mode" if other user is r2 and/or r3, not a
>> "global" user.
>> 3. r1 should be able to issue command like "ping" "show route" "show
>> isis database" etc. without speicifying logical router name.
>>
>> anyone has a good sample to do this? thanks.
>>
>> Min
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
> --
>   ---Vineet
>

-- 
Sent from my mobile device


More information about the juniper-nsp mailing list