Create User Groups
Create a new user group to associate command rules and data rules with it. The command rules and data rules are enforced on all users that are part of the user group.
For extensive information about creating user groups, task groups, RADIUS and TACACS configurations, see the Configuring AAA Services chapter in the System Security Configuration Guide for Cisco ASR 9000 Series Routers. For detailed information about commands, syntax and their description, see the Authentication, Authorization, and Accounting Commands chapter in the System Security Command Reference for Cisco ASR 9000 Series Routers.
Configure User Groups in XR VM
User groups are configured with the command parameters for a set of users, such as task groups. Entering the usergroup command accesses the user group configuration submode. Users can remove specific user groups by using the no form of the usergroup command. Deleting a usergroup that is still referenced in the system results in a warning.
Before you begin
Note |
Only users associated with the WRITE:AAA task ID can configure user groups. User groups cannot inherit properties from predefined groups, such as owner-sdr. |
Procedure
Step 1 |
configure Example:
Enters global configuration mode. |
Step 2 |
usergroup usergroup-name Example:
Creates a name for a particular user group and enters user group configuration submode.
|
Step 3 |
description string Example:
(Optional) Creates a description of the user group named in Step 2. |
Step 4 |
inherit usergroup usergroup-name Example:
|
Step 5 |
taskgroup taskgroup-name Example:
Associates the user group named in Step 2 with the task group named in this step.
|
Step 6 |
Repeat Step for each task group to be associated with the user group named in Step 2. |
Step 7 |
Use the commit or end command. commit —Saves the configuration changes and remains within the configuration session.
|
Create a User Group in System Admin VM
Create a user group for the System Admin VM.
The router supports a maximum of 32 user groups.
Before you begin
Create a user profile. See the Create User section.
Procedure
Step 1 |
admin Example:
Enters administration EXEC mode. |
||
Step 2 |
config Example:
Enters mode. |
||
Step 3 |
aaa authentication groups group group_name Example:
Creates a new user group (if it is not already present) and enters the group configuration mode. In this example, the user group "gr1" is created.
|
||
Step 4 |
users user_name Example:
Specify the name of the user that should be part of the user group. You can specify multiple user names enclosed withing double quotes. For example, users "user1 user2 ..." . |
||
Step 5 |
gid group_id_value Example:
Specify a numeric value. You can enter any 32 bit integer. |
||
Step 6 |
Use the commit or end command. commit —Saves the configuration changes and remains within the configuration session.
|
What to do next
-
Create command rules.
-
Create data rules.