This chapter describes the Cisco NX-OS security commands that begin with U.
To specify a virtual routing and forwarding (VRF) instance for a RADIUS or TACACS+ server group, use the use-vrf command. To remove the VRF instance, use the no form of this command.
use-vrf {vrf-name | default | management}
no use-vrf {vrf-name | default | management}
vrf-name | VRF instance name. The name is case sensitive and can be a maximum of 32 alphanumeric characters.
default | Specifies the default VRF.
management | Specifies the management VRF.
None
RADIUS server group configuration mode
TACACS+ server group configuration mode
5.2(1)N1(1) | This command was introduced.
You can configure only one VRF instance for a server group.
Use the aaa group server radius command to enter RADIUS server group configuration mode or the aaa group server tacacs+ command to enter TACACS+ server group configuration mode.
If the server is not found, use the radius-server host command or tacacs-server host command to configure the server.
You must use the feature tacacs+ command before you configure TACACS+.
This example shows how to specify a VRF instance for a RADIUS server group:
switch(config)# aaa group server radius RadServer
switch(config-radius)# use-vrf management
This example shows how to specify a VRF instance for a TACACS+ server group:
switch(config)# aaa group server tacacs+ TacServer
switch(config-tacacs+)# use-vrf management
This example shows how to remove the VRF instance from a TACACS+ server group:
switch(config)# aaa group server tacacs+ TacServer
switch(config-tacacs+)# no use-vrf management
To create and configure a user account, use the username command. To remove a user account, use the no form of this command.
username user-id [expire date] [password {0 | 5} password] [role role-name] [priv-lvl level]
username user-id sshkey {key | filename filename}
no username user-id
No expiration date, password, or SSH key.
Global configuration mode
5.2(1)N1(1) | This command was introduced.
The switch accepts only strong passwords. The characteristics of a strong password include the following:
• At least eight characters long
• Does not contain many consecutive characters (such as "abcd")
• Does not contain many repeating characters (such as "aaabbb")
• Does not contain dictionary words
• Does not contain proper names
• Contains both uppercase and lowercase characters
• Contains numbers
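The following Python pre-check is an added example, not Cisco code and not the switch's own validation logic. It tests a candidate password against the characteristics listed above before the password is pushed with the username command. The numeric thresholds and the small word list are assumptions, because the page says only "many" and does not give the dictionary or name list the switch uses.

```python
import re

# Assumed thresholds: the page says "many" without giving numbers.
MAX_SEQ_RUN = 3     # "abcd" (4 characters in sequence) is rejected
MAX_REPEAT_RUN = 2  # "aaa" (3 identical characters) is rejected
# Constructed stand-in list; a real check needs a full dictionary and name list.
SAMPLE_WORDS = {"password", "switch", "admin", "cisco", "nexus"}


def longest_sequence(pw):
    """Longest run in which each character code steps by +1 or by -1."""
    best = run = min(len(pw), 1)
    step = 0
    for a, b in zip(pw, pw[1:]):
        d = ord(b) - ord(a)
        if d in (1, -1) and d == step:
            run += 1               # sequence continues in the same direction
        elif d in (1, -1):
            run, step = 2, d       # new sequence starts with this pair
        else:
            run, step = 1, 0
        best = max(best, run)
    return best


def longest_repeat(pw):
    """Longest run of one identical character."""
    runs = re.finditer(r"(.)\1*", pw, re.S)
    return max((len(m.group(0)) for m in runs), default=0)


def weaknesses(pw, words=SAMPLE_WORDS):
    """Return the listed characteristics that the password fails."""
    low = pw.lower()  # sequence, repeat and word checks ignore case
    found = []
    if len(pw) < 8:
        found.append("shorter than eight characters")
    if longest_sequence(low) > MAX_SEQ_RUN:
        found.append("consecutive characters")
    if longest_repeat(low) > MAX_REPEAT_RUN:
        found.append("repeating characters")
    if any(w in low for w in words):
        found.append("dictionary word or proper name")
    if not (re.search("[a-z]", pw) and re.search("[A-Z]", pw)):
        found.append("missing uppercase or lowercase")
    if not re.search(r"\d", pw):
        found.append("missing numbers")
    return found
```

An empty list means the candidate meets every listed characteristic under these assumed thresholds; the switch remains the final authority on whether it accepts the password.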
To see the priv-lvl keyword, you must first enable the cumulative privilege roles for the TACACS+ server by using the feature privilege command.
This example shows how to create a user account with a password:
switch(config)# username user1 password Ci5co321
switch(config)#
This example shows how to configure the SSH key for a user account:
switch(config)# username user1 sshkey file bootflash:key_file
switch(config)#
This example shows how to configure the privilege level for a user account:
switch(config)# username user1 priv-lvl 15
switch(config)#