C H A P T E R
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
18-1
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
OL-9285-05
18
Troubleshooting Users and Roles
This chapter describes procedures used to troubleshoot users and roles created and maintained in the
Cisco MDS 9000 Family Switch products. It includes the following sections:
•
Overview, page 18-1
•
Initial Troubleshooting Checklist, page 18-4
•
User and Role Issues, page 18-4
•
Troubleshooting Users and Roles with Cisco ACS, page 18-12
Overview
The CLI and SNMP use common roles in all switches in the Cisco MDS 9000 Family. You can use the
CLI to modify a role that was created using SNMP and vice versa. A user configured through the CLI
can access the switch using SNMP (for example, Fabric Manager or Device Manager) and vice versa.
User Accounts
Every Cisco MDS 9000 Family switch user has the account information stored by the system. You can
add up to 256 users to a switch. The authentication information, user name, user password, password
expiration date, and role membership are stored in the user profile.
The most important aspect of a user is creating a strong password. Weak passwords are not accepted by
Cisco SAN-OS, whether you try to configure them locally or attempt authentication using an AAA
server.
A strong password has the following characteristics:
•
Contains at least eight characters.
•
Does not contain many consecutive characters (such as “abcd”).
•
Does not contain many repeating characters (such as “aaabbb”).
•
Does not contain dictionary words.
•
Does not contain proper names.
•
Contains both uppercase and lowercase characters.
•
Contains numbers.
The following examples show strong passwords: