[j-nsp] question about user access to logical router
陈江
ilovebgp4 at gmail.com
Tue Sep 8 10:51:55 EDT 2009
hi!
example below:
login {
class r1 {
idle-timeout 3;
logical-system r1;
login-tip;
permissions all;
}
class r2 {
idle-timeout 3;
logical-system r2;
login-tip;
permissions all;
}
class r3 {
idle-timeout 3;
logical-system r3;
login-tip;
permissions all;
}
user r1 {
uid 2001;
class r1;
authentication {
encrypted-password "$1$oqTRaFSC$tqHZZza/YLa.VBgILcH7f."; ##
SECRET-DATA
}
}
user r2 {
uid 2002;
class r2;
authentication {
encrypted-password "$1$n/GK8VMf$jaVuuKCxl4t4fNjJZL2G9/"; ##
SECRET-DATA
}
}
user r3 {
uid 2003;
class r3;
authentication {
encrypted-password "$1$YF1/tq4Z$OPcXmCWLowY1xLsj8LLn90"; ##
SECRET-DATA
}
}
}
this feature is introduced from JUNOS 8.5.
On Sun, Sep 6, 2009 at 3:41 AM, Yue Min <smartsuites at gmail.com> wrote:
> logical router is a great feature. however, I have some questions
> about how more efficiently user can access to logical router. here's
> the senario:
>
> r1, r2 , and r3 are three logical router. I want define three classes
> and users, each with full control of its logical router efficiently.
> it means, when r1 user login with its user account, it should see
> these things:
>
> 1. r1 will be able to see only "logical-routers r1" configure, and
> make configure changes only to r1.
> 2. when user r1 get into configure mode, it won't be warned "there's
> other user in configuration mode" if other user is r2 and/or r3, not a
> "global" user.
> 3. r1 should be able to issue command like "ping" "show route" "show
> isis database" etc. without speicifying logical router name.
>
> anyone has a good sample to do this? thanks.
>
> Min
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
BR!
James Chen
More information about the juniper-nsp
mailing list