■ Allow-All-VR-Access—1
Example 2 In this example, you want the user to have access to all VRs and to log in to the VR
Boston. Set the VSAs as follows:
■ Allow-All-VR-Access—1
■ Virtual-Router—Boston
Example 3 In this example, you want the user to have access only to the VR Boston. Set the
VSAs as follows:
■ Allow-All-VR-Access—0
■ Virtual-Router—Boston
Example 4 In this example, you want the user to log in to VR Boston, and to have access to VRs
Chicago, Los Angeles, and San Francisco. Set the VSAs as follows:
■ Allow-All-VR-Access—0
■ Virtual-Router—Boston
■ Alt-CLI-Virtual-Router-Name—Chicago
■ Alt-CLI-Virtual-Router-Name—Los Angeles
■ Alt-CLI-Virtual-Router-Name—San Francisco
Commands Available to Users
If you do not configure RADIUS authentication for the console or virtual terminals,
there are no restrictions on VR access for any user who successfully logs in to the
router. For example, nonrestricted users can:
■ Issue the virtual-router command in Privileged Exec mode, to switch to another
previously created virtual router.
■ Issue the virtual-router command in Global Configuration mode to create a new
virtual router and switch to its context.
■ Access Global Configuration mode to configure the router and virtual routers.
■ View all settings for the router and all virtual routers.
User restricted to one or a set of specific VRs can see and use only a limited set of
commands to monitor the status of those VRs and view some configuration settings
on those VRs. More specifically, such users:
■ Can issue the virtual-router command in Privileged Exec mode to switch to
another previously configured VR to which they have access.
■ Cannot create new VRs or access VRs other than those to which they have access.
Restricting User Access ■ 449
Chapter 7: Passwords and Security
To Next Page
Loading...