U Commands


This chapter describes the Cisco NX-OS security commands that begin with U.

use-vrf

To specify a virtual routing and forwarding instance (VRF) name for a RADIUS or TACACS+ server group, use the use-vrf command. To remove the VRF name, use the no form of this command.

use-vrf vrf-name

no use-vrf vrf-name

Syntax Description

vrf-name

VRF name. The name is case sensitive.


Defaults

None

Command Modes

RADIUS server group configuration
TACACS+ server group configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release    Modification
4.0(1)     This command was introduced.


Usage Guidelines

You can configure only one VRF instance for a server group.

Use the aaa group server radius command to enter RADIUS server group configuration mode or the aaa group server tacacs+ command to enter TACACS+ server group configuration mode.

If the server is not found, use the radius-server host command or tacacs-server host command to configure the server.


Note You must use the feature tacacs+ command before you configure TACACS+.


This command does not require a license.

Examples

This example shows how to specify a VRF name for a RADIUS server group:

switch# config t
switch(config)# aaa group server radius RadServer
switch(config-radius)# use-vrf vrf1

This example shows how to specify a VRF name for a TACACS+ server group:

switch# config t
switch(config)# feature tacacs+
switch(config)# aaa group server tacacs+ TacServer
switch(config-tacacs+)# use-vrf vrf2

This example shows how to remove the VRF name from a TACACS+ server group:

switch# config t
switch(config)# feature tacacs+
switch(config)# aaa group server tacacs+ TacServer
switch(config-tacacs+)# no use-vrf vrf2

Related Commands

Command                      Description
aaa group server             Configures AAA server groups.
radius-server host           Configures a RADIUS server.
show radius-server groups    Displays RADIUS server information.
show tacacs-server groups    Displays TACACS+ server information.
feature tacacs+              Enables TACACS+.
tacacs-server host           Configures a TACACS+ server.
vrf                          Configures a VRF instance.


username

To create and configure a user account in a virtual device context (VDC), use the username command. To remove a user account, use the no form of this command.

username user-id [expire date] [password [0 | 5] password] [role role-name]

username user-id [sshkey {key | file filename}]

no username user-id

Syntax Description

user-id

User identifier for the user account. The user-id argument is a case-sensitive, alphanumeric character string with a maximum length of 28 characters. For more information, see the usage guidelines section below.

Note The NX-OS software does not allow the "#" and "@" characters in the user-id argument text string. However, the Cisco NX-OS software allows these special characters in the user-id argument text string: ( _ . + = \ - ).

expire date

(Optional) Specifies the expire date for the user account. The format for the date argument is YYYY-MM-DD.

password

(Optional) Specifies a password for the account. The default is no password.

0

(Optional) Specifies that the password is in clear text. Clear text passwords are encrypted before they are saved to the running configuration.

5

(Optional) Specifies that the password is in encrypted format. Encrypted passwords are not changed before they are saved to the running configuration.

password

Password string. The password is alphanumeric, case sensitive, and has a maximum of 64 characters.

Note Clear text passwords cannot contain dollar signs ($) or spaces anywhere in the password. Also, they cannot include these special characters at the beginning of the password: quotation marks (" or '), vertical bars (|), or right angle brackets (>).

role role-name

(Optional) Specifies the user role. The role-name argument is case sensitive.

sshkey

(Optional) Specifies an SSH key for the user account.

key

SSH key string.

file filename

Specifies the name of a file that contains the SSH key string.


Defaults

Unless specified, usernames have no expire date, password, or SSH key.

In the default VDC, the default role is network-operator if the creating user has the network-admin role, or the default role is vdc-operator if the creating user has the vdc-admin role.

In nondefault VDCs, the default user role is vdc-operator.

You cannot delete the default admin user role. Also, you cannot change the expire date or remove the network-admin role for the default admin user role.

This command does not require a license.

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release    Modification
4.1(2)     Added the sshkey keyword option.
4.0(1)     This command was introduced.


Usage Guidelines

The NX-OS software creates two default user accounts in the VDC: admin and adminbackup. The nondefault VDCs have one default user account: admin. You cannot remove a default user account.

User accounts are local to the VDCs. You can create user accounts with the same user identifiers in different VDCs.


Caution The Cisco NX-OS software does not support all numeric usernames, whether created with TACACS+ or RADIUS, or created locally. Local users with all numeric names cannot be created. If an all numeric user name exists on an AAA server and is entered during login, the user is not logged in.

The NX-OS software accepts only strong passwords when you have password-strength checking enabled using the password strength-check command. The characteristics of a strong password include the following:

At least eight characters long

Does not contain many consecutive characters (such as "abcd")

Does not contain many repeating characters (such as "aaabbb")

Does not contain dictionary words

Does not contain proper names

Contains both uppercase and lowercase characters

Contains numbers


Caution If you do not specify a password for the user account, the user might not be able to log in to the account.

This command does not require a license.

Examples

This example shows how to create a user account with a password and a user role:

switch# config t
switch(config)# username user1 password Ci5co321 role vdc-admin

This example shows how to configure the SSH key for a user account:

switch# config t
switch(config)# username user1 sshkey file bootflash:key_file
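
The user-id and password rules from the Syntax Description and Usage Guidelines above, written as a pre-check to run before a username command is pushed to a switch. This is an added example, not Cisco code: the function names and the run thresholds (4 for "consecutive", 3 for "repeating") are assumptions because the page says only "many", and the dictionary-word and proper-name rules are not checked since they need a word list.

```python
import re

# Letters, digits and the special characters the page allows in user-id: _ . + = \ -
USER_ID_RE = re.compile(r"[A-Za-z0-9_.+=\\-]+")
MAX_USER_ID, MAX_PASSWORD = 28, 64
# Assumed thresholds: "abcd" is a run of 4, "aaa" a run of 3.
SEQ_RUN, REPEAT_RUN = 4, 3

def check_user_id(user_id):
    """Return the user-id rules from the username reference that user_id breaks."""
    problems = []
    if len(user_id) > MAX_USER_ID:
        problems.append("longer than 28 characters")
    if not USER_ID_RE.fullmatch(user_id):
        problems.append("character outside letters, digits and _ . + = \\ -")
    if user_id.isdigit():
        problems.append("all-numeric usernames are not supported")
    return problems

def _has_run(text, length, step):
    """True if `length` adjacent characters each differ from the previous by `step`."""
    run = 1
    for prev, cur in zip(text, text[1:]):
        run = run + 1 if ord(cur) - ord(prev) == step else 1
        if run >= length:
            return True
    return False

def check_password(password):
    """Return the clear-text and strong-password rules that password breaks."""
    # Applies to clear-text (type 0) input only, not to already-encrypted strings.
    problems = []
    if len(password) > MAX_PASSWORD:
        problems.append("longer than 64 characters")
    if "$" in password or " " in password:
        problems.append("contains a dollar sign or space")
    if password[:1] in ('"', "'", "|", ">"):
        problems.append("starts with a quotation mark, vertical bar or right angle bracket")
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if _has_run(password, SEQ_RUN, 1):
        problems.append("consecutive characters")
    if _has_run(password, REPEAT_RUN, 0):
        problems.append("repeating characters")
    if password.lower() == password or password.upper() == password:
        problems.append("needs both uppercase and lowercase")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    return problems
```

An empty list from both functions means the values satisfy every rule checked here; the switch's own password strength-check remains the authority.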

Related Commands

Command                    Description
password strength-check    Checks the password security strength.
show user-account          Displays the user account configuration.