
help in creating local user account in Nexus9k and APIC

shallugarg6343
Level 1

Hi Experts,

 

I was creating a local user account with the name "test" on APIC and after I did, I could not log in with that. Am I missing something here?

 

DOC-APIC3-B18# show username admin
UserName : admin
First-Name :
Last-Name :
Email :
Account Status : active
Password strength check : yes
TOTP Status : no
TOTP Secret : N/A

*********

DOC-APIC3-B18# config t
DOC-APIC3-B18(config)# username test
DOC-APIC3-B18(config-username)# password
Password:
Retype password:
DOC-APIC3-B18(config-username)# show username test
UserName : test
First-Name :
Last-Name :
Email :
Account Status : active
Password strength check : yes
TOTP Status : no
TOTP Secret : N/A

DOC-APIC3-B18(config-username)#

I did the above config on the APIC device, but after I open another session and try to log in with username "test", it will not log in.

 

Also, can someone please help me with the commands to configure a local user account on N9K-C9336PQ?

3 Replies

Sergiu.Daniluk
VIP Alumni

Hi @shallugarg6343 

Out of curiosity, why don't you configure a new user using the APIC GUI?

Maybe you are not aware, but mixing the configuration of GUI and CLI is not supported. As a small suggestion: do all config changes from APIC GUI. It saves you the trouble of missing configuration or misconfig.

 

Anyway... about the problem you face:

1. You probably cannot log in because you haven't selected the domain at the login prompt. I am just making the assumption that you have tacacs enabled and it's the default login domain.

2. Here is what the full config should look like (I highlighted with red what you missed in your configuration):

 

 username test
    domain common
      role read-all
        exit
      exit
    domain all
      role admin
        priv-type writePriv
        exit
      exit
    exit

Basically, you need to add the domain, role and privilege type.  The common domain is added by default.

 

 

For GUI config of users, you can find the details here: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/4-x/basic-configuration/Cisco-APIC-Basic-Configuration-Guide-401/Cisco-APIC-Basic-Configuration-Guide-401_chapter_011.html#concept_C29611371F5549F7AD548BA528CECE3E

 

For Nexus, here is the config guide: https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/102x/configuration/Security/cisco-nexus-9000-nx-os-security-configuration-guide-102x/m-configuring-user-accounts-and-rbac.html

 

 

Take care,

Sergiu
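
An added example (not code from the thread or from Cisco): a small Python check that reads user blocks laid out like the config in the reply above and reports accounts that have no domain or role lines, plus accounts granted writePriv. The sample text and the user test2 are constructed, and treating saved config as this exact line layout is an assumption.

```python
# Added example: audit APIC-CLI-style user blocks. SAMPLE_CONFIG is constructed.
SAMPLE_CONFIG = """\
username test
  exit
username test2
  domain common
    role read-all
      exit
    exit
  domain all
    role admin
      priv-type writePriv
      exit
    exit
  exit
"""

def parse_users(config_text):
    """Return {user: {domain: {role: priv_type or None}}}."""
    users = {}
    path = []  # open blocks: [user], [user, domain] or [user, domain, role]
    for raw in config_text.splitlines():
        words = raw.split()
        key, arg = (words + [None, None])[:2]
        if key == "username" and arg:
            path = [arg]
            users.setdefault(arg, {})
        elif key == "domain" and arg and len(path) == 1:
            path.append(arg)
            users[path[0]].setdefault(arg, {})
        elif key == "role" and arg and len(path) == 2:
            path.append(arg)
            users[path[0]][path[1]].setdefault(arg, None)
        elif key == "priv-type" and arg and len(path) == 3:
            users[path[0]][path[1]][path[2]] = arg
        elif key == "exit" and path:
            path.pop()  # close the innermost open block
    return users

def audit(users):
    findings = []
    for user, domains in sorted(users.items()):
        if not domains:
            findings.append((user, "no domain or role lines"))
        for dom, roles in sorted(domains.items()):
            findings += [(user, f"writePriv: role {role} in domain {dom}")
                         for role, priv in sorted(roles.items()) if priv == "writePriv"]
    return findings
```

Calling `audit(parse_users(SAMPLE_CONFIG))` returns one finding for each of the two sample accounts.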

Hi,

 

Thanks for your valuable suggestion. I tried from GUI and it worked. I am new to the Nexus9k environment and we have two datacenters and an ACI fabric. So, just learning.

 

So, I tried to log in to APIC with the new credentials I created and I was through; however, CLI did not work. Do you think there is something I am missing?

Because you have tacacs/radius domains configured as the default domain, when you want to ssh to APIC, you need to use the following format to specify any other format (including the fallback/local):

apic#<domain>\\<username>

For example, when you have the fallback domain enabled, and want to log in as admin, try: apic#fallback\\admin

 

Stay safe,

Sergiu
