Check Levels
This scenario shows how to configure different user-levels for operational commands.
Lower Command User Level
Description
This example demonstrates how to lower the permissions needed to execute a specific operational command.
Scenario
Step 1: Set the following configuration in DUT0:
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system login user teldat authentication encrypted-password '$6$XBBPgEbtjVfBI8fm$jXDr87eSMmJi1li6nCaOPshHd7gzEdIq7IWtzSMlrCISxPQ.l/uttUjsiGo5QyuqczS266FTzNFrPwX99wLkB0' set system login user teldat role monitor
Step 2: Run command show running at DUT0 and check if output contains the following tokens:
Insufficient privilegesShow output
CLI Error: Insufficient privileges
Step 3: Login as admin user on {‘DOC’: ‘SDE’, ‘CAPS’: ‘all -cellular -ceetm’, ‘FWID’: ‘iso’, ‘LICENSE’: ‘VM’, ‘PORT’: ‘4000’, ‘ETH0’: ‘eth0’, ‘ETH1’: ‘eth1’, ‘MAC0’: ‘DE:AD:BE:EF:6C:10’, ‘MAC1’: ‘DE:AD:BE:EF:6C:11’, ‘HDA’: ‘/var/tmp/hd-vm0.img’, ‘CPUS’: ‘4’, ‘MEM’: ‘2049’, ‘MON_PORT’: ‘5000’, ‘MON_ALIAS’: ‘VM0_MON’, ‘ADDR’: ‘localhost’, ‘CMD_TIMEOUT’: ’20s’, ‘REBOOT_TIMEOUT’: ‘300s’, ‘UPDATE_TIMEOUT’: ‘600s’, ‘COMMIT_TIMEOUT’: ’60s’, ‘IMAGE_STORAGE’: ‘True’, ‘ALIAS’: ‘DUT0’, ‘FW_NAME’: ‘os_iso.iso’, ‘ROBOT_IP’: ‘10.215.168.64’, ‘NEEDS_REBOOT’: False, ‘NEEDS_LICENSE’: True}.
Step 4: Modify the following configuration lines in DUT0:
set user-level 0 command 'show running'
Step 5: Run command show running at DUT0 and expect this output:
Show output
# Teldat OSDx VM version v4.1.1.0 # Wed 03 Jul 2024 17:29:11 UTC +00:00 # Warning: Configuration has not been saved set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system login user teldat authentication encrypted-password '$6$XBBPgEbtjVfBI8fm$jXDr87eSMmJi1li6nCaOPshHd7gzEdIq7IWtzSMlrCISxPQ.l/uttUjsiGo5QyuqczS266FTzNFrPwX99wLkB0' set system login user teldat role monitor set user-level 0 command 'show running'
Step 6: Login as admin user on {‘DOC’: ‘SDE’, ‘CAPS’: ‘all -cellular -ceetm’, ‘FWID’: ‘iso’, ‘LICENSE’: ‘VM’, ‘PORT’: ‘4000’, ‘ETH0’: ‘eth0’, ‘ETH1’: ‘eth1’, ‘MAC0’: ‘DE:AD:BE:EF:6C:10’, ‘MAC1’: ‘DE:AD:BE:EF:6C:11’, ‘HDA’: ‘/var/tmp/hd-vm0.img’, ‘CPUS’: ‘4’, ‘MEM’: ‘2049’, ‘MON_PORT’: ‘5000’, ‘MON_ALIAS’: ‘VM0_MON’, ‘ADDR’: ‘localhost’, ‘CMD_TIMEOUT’: ’20s’, ‘REBOOT_TIMEOUT’: ‘300s’, ‘UPDATE_TIMEOUT’: ‘600s’, ‘COMMIT_TIMEOUT’: ’60s’, ‘IMAGE_STORAGE’: ‘True’, ‘ALIAS’: ‘DUT0’, ‘FW_NAME’: ‘os_iso.iso’, ‘ROBOT_IP’: ‘10.215.168.64’, ‘NEEDS_REBOOT’: False, ‘NEEDS_LICENSE’: True}.
Raise Command User Level
Description
This example demonstrates how to raise the permissions needed to execute a specific operational command.
Scenario
Step 1: Set the following configuration in DUT0:
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system login user teldat authentication encrypted-password '$6$nLI0wXY6aYt4DxeB$6k2RZmCmQW1/0syVgQd9.ZVRhb4ZQlXsL1Th6G68EeFUeB0eo2SbSAyGlt7pyd1xceJBkfVKHFuqH/KYIYLHr1' set system login user teldat role monitor
Step 2: Run command system login show users at DUT0 and expect this output:
Show output
NAME LINE TIME COMMENT teldat ttyS0 2024-07-03 17:29
Step 3: Login as admin user on {‘DOC’: ‘SDE’, ‘CAPS’: ‘all -cellular -ceetm’, ‘FWID’: ‘iso’, ‘LICENSE’: ‘VM’, ‘PORT’: ‘4000’, ‘ETH0’: ‘eth0’, ‘ETH1’: ‘eth1’, ‘MAC0’: ‘DE:AD:BE:EF:6C:10’, ‘MAC1’: ‘DE:AD:BE:EF:6C:11’, ‘HDA’: ‘/var/tmp/hd-vm0.img’, ‘CPUS’: ‘4’, ‘MEM’: ‘2049’, ‘MON_PORT’: ‘5000’, ‘MON_ALIAS’: ‘VM0_MON’, ‘ADDR’: ‘localhost’, ‘CMD_TIMEOUT’: ’20s’, ‘REBOOT_TIMEOUT’: ‘300s’, ‘UPDATE_TIMEOUT’: ‘600s’, ‘COMMIT_TIMEOUT’: ’60s’, ‘IMAGE_STORAGE’: ‘True’, ‘ALIAS’: ‘DUT0’, ‘FW_NAME’: ‘os_iso.iso’, ‘ROBOT_IP’: ‘10.215.168.64’, ‘NEEDS_REBOOT’: False, ‘NEEDS_LICENSE’: True}.
Step 4: Modify the following configuration lines in DUT0:
set user-level 15 command 'system login show users'
Step 5: Run command show running at DUT0 and check if output contains the following tokens:
Insufficient privilegesShow output
CLI Error: Insufficient privileges
Step 6: Login as admin user on {‘DOC’: ‘SDE’, ‘CAPS’: ‘all -cellular -ceetm’, ‘FWID’: ‘iso’, ‘LICENSE’: ‘VM’, ‘PORT’: ‘4000’, ‘ETH0’: ‘eth0’, ‘ETH1’: ‘eth1’, ‘MAC0’: ‘DE:AD:BE:EF:6C:10’, ‘MAC1’: ‘DE:AD:BE:EF:6C:11’, ‘HDA’: ‘/var/tmp/hd-vm0.img’, ‘CPUS’: ‘4’, ‘MEM’: ‘2049’, ‘MON_PORT’: ‘5000’, ‘MON_ALIAS’: ‘VM0_MON’, ‘ADDR’: ‘localhost’, ‘CMD_TIMEOUT’: ’20s’, ‘REBOOT_TIMEOUT’: ‘300s’, ‘UPDATE_TIMEOUT’: ‘600s’, ‘COMMIT_TIMEOUT’: ’60s’, ‘IMAGE_STORAGE’: ‘True’, ‘ALIAS’: ‘DUT0’, ‘FW_NAME’: ‘os_iso.iso’, ‘ROBOT_IP’: ‘10.215.168.64’, ‘NEEDS_REBOOT’: False, ‘NEEDS_LICENSE’: True}.
Customize Multi-option Command
Description
This example demonstrates how to prohibit the use of some options in a specific operational command.
Scenario
Step 1: Set the following configuration in DUT0:
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system login user teldat authentication encrypted-password '$6$XtD8ffH4ggQpnwFS$WpQLIxtgElDcU8HXvBjrD4DN.3q3Iuz4w0D29RilfAoFEtJo7YVJlsHR8BuCcplXbyRWEu00SxYHRwRTe.R851' set system login user teldat role monitor
Step 2: Run command system conntrack show protocol tcp at DUT0 and expect this output:
Show output
conntrack v1.4.7 (conntrack-tools): 0 flow entries have been shown.
Step 3: Login as admin user on {‘DOC’: ‘SDE’, ‘CAPS’: ‘all -cellular -ceetm’, ‘FWID’: ‘iso’, ‘LICENSE’: ‘VM’, ‘PORT’: ‘4000’, ‘ETH0’: ‘eth0’, ‘ETH1’: ‘eth1’, ‘MAC0’: ‘DE:AD:BE:EF:6C:10’, ‘MAC1’: ‘DE:AD:BE:EF:6C:11’, ‘HDA’: ‘/var/tmp/hd-vm0.img’, ‘CPUS’: ‘4’, ‘MEM’: ‘2049’, ‘MON_PORT’: ‘5000’, ‘MON_ALIAS’: ‘VM0_MON’, ‘ADDR’: ‘localhost’, ‘CMD_TIMEOUT’: ’20s’, ‘REBOOT_TIMEOUT’: ‘300s’, ‘UPDATE_TIMEOUT’: ‘600s’, ‘COMMIT_TIMEOUT’: ’60s’, ‘IMAGE_STORAGE’: ‘True’, ‘ALIAS’: ‘DUT0’, ‘FW_NAME’: ‘os_iso.iso’, ‘ROBOT_IP’: ‘10.215.168.64’, ‘NEEDS_REBOOT’: False, ‘NEEDS_LICENSE’: True}.
Step 4: Modify the following configuration lines in DUT0:
set user-level 15 command 'system conntrack show protocol <txt>'
Step 5: Run command system conntrack show protocol tcp at DUT0 and check if output contains the following tokens:
Insufficient privilegesShow output
CLI Error: Insufficient privileges
Step 6: Login as admin user on {‘DOC’: ‘SDE’, ‘CAPS’: ‘all -cellular -ceetm’, ‘FWID’: ‘iso’, ‘LICENSE’: ‘VM’, ‘PORT’: ‘4000’, ‘ETH0’: ‘eth0’, ‘ETH1’: ‘eth1’, ‘MAC0’: ‘DE:AD:BE:EF:6C:10’, ‘MAC1’: ‘DE:AD:BE:EF:6C:11’, ‘HDA’: ‘/var/tmp/hd-vm0.img’, ‘CPUS’: ‘4’, ‘MEM’: ‘2049’, ‘MON_PORT’: ‘5000’, ‘MON_ALIAS’: ‘VM0_MON’, ‘ADDR’: ‘localhost’, ‘CMD_TIMEOUT’: ’20s’, ‘REBOOT_TIMEOUT’: ‘300s’, ‘UPDATE_TIMEOUT’: ‘600s’, ‘COMMIT_TIMEOUT’: ’60s’, ‘IMAGE_STORAGE’: ‘True’, ‘ALIAS’: ‘DUT0’, ‘FW_NAME’: ‘os_iso.iso’, ‘ROBOT_IP’: ‘10.215.168.64’, ‘NEEDS_REBOOT’: False, ‘NEEDS_LICENSE’: True}.
Customize File Pipe Command
Description
This example demonstrates how to lower the permissions needed to execute both the file pipe and the operational command.
Scenario
Step 1: Set the following configuration in DUT0:
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system login user teldat authentication encrypted-password '$6$2FCmRA/oy8fm8YUy$AYnLb6724Oqkx/t2ExEaPYVkVz6GpgBmE8Oyu.8Ulq2YxzkpZQiTcynpCakYWuU4ULZk/9E29w.Nhi9IlVj3q0' set system login user teldat role monitor
Step 2: Run command system login show users | file at DUT0 and expect this output:
Show output
Command's output saved under "support/system_login_show_users_2024-07-03-172943" Filesize: 153.000 B
Step 3: Login as admin user on {‘DOC’: ‘SDE’, ‘CAPS’: ‘all -cellular -ceetm’, ‘FWID’: ‘iso’, ‘LICENSE’: ‘VM’, ‘PORT’: ‘4000’, ‘ETH0’: ‘eth0’, ‘ETH1’: ‘eth1’, ‘MAC0’: ‘DE:AD:BE:EF:6C:10’, ‘MAC1’: ‘DE:AD:BE:EF:6C:11’, ‘HDA’: ‘/var/tmp/hd-vm0.img’, ‘CPUS’: ‘4’, ‘MEM’: ‘2049’, ‘MON_PORT’: ‘5000’, ‘MON_ALIAS’: ‘VM0_MON’, ‘ADDR’: ‘localhost’, ‘CMD_TIMEOUT’: ’20s’, ‘REBOOT_TIMEOUT’: ‘300s’, ‘UPDATE_TIMEOUT’: ‘600s’, ‘COMMIT_TIMEOUT’: ’60s’, ‘IMAGE_STORAGE’: ‘True’, ‘ALIAS’: ‘DUT0’, ‘FW_NAME’: ‘os_iso.iso’, ‘ROBOT_IP’: ‘10.215.168.64’, ‘NEEDS_REBOOT’: False, ‘NEEDS_LICENSE’: True}.
Step 4: Modify the following configuration lines in DUT0:
set user-level 10 command file
Step 5: Run command system login show users | file at DUT0 and check if output contains the following tokens:
Insufficient privilegesShow output
CLI Error: Insufficient privileges to use 'file' pipe CLI Error: Command error
Step 6: Login as admin user on {‘DOC’: ‘SDE’, ‘CAPS’: ‘all -cellular -ceetm’, ‘FWID’: ‘iso’, ‘LICENSE’: ‘VM’, ‘PORT’: ‘4000’, ‘ETH0’: ‘eth0’, ‘ETH1’: ‘eth1’, ‘MAC0’: ‘DE:AD:BE:EF:6C:10’, ‘MAC1’: ‘DE:AD:BE:EF:6C:11’, ‘HDA’: ‘/var/tmp/hd-vm0.img’, ‘CPUS’: ‘4’, ‘MEM’: ‘2049’, ‘MON_PORT’: ‘5000’, ‘MON_ALIAS’: ‘VM0_MON’, ‘ADDR’: ‘localhost’, ‘CMD_TIMEOUT’: ’20s’, ‘REBOOT_TIMEOUT’: ‘300s’, ‘UPDATE_TIMEOUT’: ‘600s’, ‘COMMIT_TIMEOUT’: ’60s’, ‘IMAGE_STORAGE’: ‘True’, ‘ALIAS’: ‘DUT0’, ‘FW_NAME’: ‘os_iso.iso’, ‘ROBOT_IP’: ‘10.215.168.64’, ‘NEEDS_REBOOT’: False, ‘NEEDS_LICENSE’: True}.