Information About User Accounts
Access to the Cisco Nexus 1000V is accomplished by setting up user accounts that define the specific actions permitted for each user. You can create up to 256 user accounts. Each user account includes the following criteria:
- Role
- Username
- Password
- Expiration date
Role
A role is a collection of rules that define the specific actions that can be shared by a group of users. The following broadly defined roles, for example, can be assigned to user accounts. These roles are predefined in the Cisco Nexus 1000V and cannot be modified:
role: network-admin
description: Predefined network admin role has access to all commands
on the switch
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit read-write
role: network-operator
description: Predefined network operator role has access to all read
commands on the switch
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit read
You can create an additional 64 roles that define access for users.
Each user account must be assigned at least one role and can be assigned up to 64 roles.
You can create roles that, by default, permit access to the following commands only. You must add rules to allow users to configure features.
- show
- exit
- end
- configure terminal
Username
A username identifies an individual user by a unique character string, such as daveGreen. Usernames are case sensitive and can consist of up to 28 alphanumeric characters. A username consisting of all numerals is not allowed. If an all-numeric username exists on an AAA server and is entered during login, the user is not logged in.
Password
A password is a case-sensitive character string that enables access by a specific user and helps prevent unauthorized access. You can add a user without a password, but that user may not be able to access the device. Passwords should be strong so that they cannot be easily guessed and used for unauthorized access.
The following characters are not permitted in clear text passwords:
- dollar signs ($)
- spaces
The following special characters are not permitted at the beginning of the password:
- quotation marks (" or ')
- vertical bars (|)
- right angle brackets (>)
The following table lists the characteristics of strong passwords.
| Strong passwords have: | Strong passwords do not have: |
|---|---|
| At least eight characters | Consecutive characters, such as “abcd” |
| Uppercase letters | Repeating characters, such as “aaabbb” |
| Lowercase letters | Dictionary words |
| Numbers | Proper names |
| Special characters | |
Some examples of strong passwords are as follows:
- If2CoM18
- 2004AsdfLkj30
- Cb1955S21
Check of Password Strength
The device checks password strength automatically by default. When you add a username and password, the strength of the password is evaluated. If it is a weak password, the following error message is displayed to notify you:
switch# config terminal
switch (config)# username daveGreen password davey
password is weak
Password should contain characters from at least three of the classes:
lower case letters, upper case letters, digits, and special characters
Password strength checking can be disabled.
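The username and password rules documented above, written as a pre-flight check for account provisioning scripts. This is an added example, not Cisco's code or the device's actual algorithm. The run-length thresholds `SEQ_RUN` and `REPEAT_RUN` and the ASCII-only character classes are assumptions; dictionary words and proper names are not checked.

```python
import re
import string

# Assumed thresholds: the page gives "abcd" and "aaabbb" as examples but no run lengths.
SEQ_RUN = 4      # consecutive characters such as "abcd" (ascending or descending)
REPEAT_RUN = 3   # repeating characters such as "aaa"

def check_username(name):
    """Return a list of problems with a username under the documented rules."""
    problems = []
    if not 1 <= len(name) <= 28:
        problems.append("length must be 1-28 characters")
    if not re.fullmatch(r"[A-Za-z0-9]*", name):
        problems.append("only alphanumeric characters are allowed")
    if re.fullmatch(r"[0-9]+", name):
        problems.append("all-numeric usernames are not allowed")
    return problems

def _has_run(pw, length, step):
    """True if pw has `length` characters in a row, each `step` code points after the last."""
    codes = [ord(c) for c in pw.lower()]
    run = 1
    for prev, cur in zip(codes, codes[1:]):
        run = run + 1 if cur - prev == step else 1
        if run >= length:
            return True
    return False

def check_password(pw):
    """Return a list of problems with a clear text password under the documented rules."""
    problems = []
    if "$" in pw or " " in pw:
        problems.append("contains '$' or a space")
    if pw[:1] in ('"', "'", "|", ">"):
        problems.append("starts with a quotation mark, '|' or '>'")
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    if sum(any(c in cls for c in pw) for cls in classes) < 3:
        problems.append("fewer than three character classes")
    if _has_run(pw, SEQ_RUN, 1) or _has_run(pw, SEQ_RUN, -1):
        problems.append("contains consecutive characters")
    if _has_run(pw, REPEAT_RUN, 0):
        problems.append("contains repeating characters")
    return problems

if __name__ == "__main__":
    for pw in ("If2CoM18", "davey", ">Abcd$99x"):  # last value is a constructed sample
        print(pw, check_password(pw) or "ok")
```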
Expiration Date
By default, a user account does not expire. You can, however, explicitly configure an expiration date on which the account will be disabled.