14/9/22, 17:53 NE | 4 - Creating User Accounts

AED Training
Creating User Accounts
Overview
Description

In this lab you will create additional local user accounts that can be used to access your AED
deployment to assist with various maintenance and operational tasks when remote authentication is
unavailable.

Objectives

After completing this lab exercise, you will be able to:

Create local user accounts for each of the user group types.

Verify the access capabilities of each user account type.

Perform user account tasks such as displaying user account status and managing user account
access.

Estimated Completion Time

The estimated completion time for this lab is 45 minutes.

Lab Topology

Please ensure you read each step carefully before performing the required task in the order described.

If you are asked for your [POD] number in this lab, use the number that is part of your NE
username. 

Example:  Username NE312 <=> [POD] = 312

 

Create Local User Accounts

The following steps will guide you through creating local user accounts within the AED.

1. Skip to Step 2 if a tab to the AED web UI is open. If not, then from your NETSCOUT Experience user
dashboard, click on the AED link to open a new tab to the web UI.

At the prompt log into the AED with your admin credentials.
Username: admin

Password: Welcome123!

2. Navigate the menu bar to the Administration > User Accounts, you will notice that the admin user
already exists but there are no other local accounts defined or available for use as a backup.

3. Select the Add Account button to begin creating a new user account. In the Add New Account window
follow the configuration details described in the next steps.

4. Use a username of ddos_admin and choose a Real Name.

N t
https://portal.ne.netscout.com/dashboard/lab_guide/440/45085/
t t th f ll i it i 1/5
14/9/22, 17:53 NE | 4 - Creating User Accounts
Note: usernames must meet the following criteria:
must contain 1 to 31 characters
can contain any combination of letters (A-Z, a-z) and numbers, or both
cannot begin with a hyphen or underscore but can include them
cannot include a period (.)

And you cannot edit the user name after the user account is created. If you make a mistake in
the user name, delete the account and recreate it

5. For the Group field select ddos_admin. Also, Use the "Help" button on the menu bar and then use the
Search box to search for "Predefined user groups". You can now view the default user groups and
access priviliges.

User groups allow you to organize AED users by the different levels of system access that they are
allowed. When you create a user account, you must assign that account to a user group. The owner of
that account inherits the access levels that are assigned to that user group.

Allows full administrative access to view and configure AED settings. Users in this
group have read and write access to the UI, the API, and the command line interface
system_admin (CLI).
Users can add and delete system_admin, ddos_admin, system_user, and
system_none user accounts.

Allows limited administrative access, to view and configure DDoS mitigation settings
only. Users in this group have read and write access to some of the UI pages and a
ddos_admin subset of CLI commands.

Users can add and delete ddos_admin, system_user, and system_none user accounts,
but not system_admin accounts.

Allows read access to view events and run blocked host queries using the UI
system_user Users in this group cannot add user accounts, but they can change the real name,
email, time zone, and password for their account.

Denies AED access to unwanted users who have an account on a TACACS+ or

RADIUS server.

system_none When your organization uses RADIUS or TACACS+ authentication, it is possible for
all users who have an account on the authentication server to access AED. Use this
group to lock out users, and assign other user groups to users who need AED
access.

6. Next, leave the Email field blank. An email address is not required to create the account but it is a
good reference for administrative purposes.

7. Optionally set the Time zone in which this user resides.

For this lab this setting value is your preference, any timezone or the default value is acceptable. The
time zone setting defaults to the system time zone, which you configure on the Configure General
Settings page. Change the time zone only if this user resides in a different time zone. This setting only
affects the displayed time for this user, it does not affect other users' view.

8. It is recommended to use a password of Welcome123!

If you use a different password, record both the username and password here so that you may easily
recall it later:

9. Create a second account called system_user and assign it to the system_user group.

If needed, you can record information here:

https://portal.ne.netscout.com/dashboard/lab_guide/440/45085/ 2/5
14/9/22, 17:53 NE | 4 - Creating User Accounts

10. Create a third account called system_none and assign it to the system_none group.

If needed, you can record information here:

11. Create a fourth account, this account is most important! This account is required for upcoming lab
exercises. Please use these recommended settings:
Username: NE102
Real name: add any name or leave blank
Group: system_admin
Email: add an email address or leave blank
Time zone: specify any time zone for this user
Password: Kinemumo4^
Verify: Kinemumo4^

12. You should now have five user accounts created with different access priviliges assigned to each.

13. Login and verify the UI view and functionality of each user account by using each to separately login to
your AED and navigate the different menu bar options to identify differences in each account group
types.

Repeat this with each of the logins with different Group access privileges.

14. Were you able to successfully log into the AED using each of the new user accounts (y/n):

15. After logging in using all accounts, log out and then log back in using your NETSCOUT Experience
admin account:
Username: admin
Password: Welcome123!

16. What were some of the differences that you noticed between the different group types?

system_admin:

ddos_admin:

system_user:

system_none:

https://portal.ne.netscout.com/dashboard/lab_guide/440/45085/ 3/5
14/9/22, 17:53 NE | 4 - Creating User Accounts

17. Go to the NETSCOUT Experience user dashboard and click on the Serial Console link, this opens a new
tab that you will use to connect to the serial console of your AED.

18. When prompted enter your NETSCOUT Experience user credentials.

Username: NE102
Password: Kinemumo4^

19. To connect to the AED serial console, in the Appliance prompt type in AED.

20. At the username prompt log into the AED with the admin username and password. Note: you may
need to press enter to obtain the login prompt.
Username: admin
Password: Welcome123!

21. To disable the ddos_admin account, make sure ddos_admin has been logged out of all browsers then
enter:

/ services aaa disable_account ddos_admin

22. Now test to see if ddos_admin can login to the AED web UI. Were you able to login?

23. This account login should have failed with an “Invalid authentication!” message. To view the account
status of ddos_admin, enter:

/ services aaa user_hist

Or

/ services aaa user_hist ddos_admin

What does this account's status display?

24. To enable the ddos_admin account, enter:

/ services aaa enable_account ddos_admin

25. Now test again to see if ddos_admin can login to the AED web UI, where you able to login?

The ddos_admin account should now be able to successfully login without issues.

26. Another lab exercise successully completed, that's fantastic! You have created multiple local user
accounts with different group settngs, and then you tested access to each of those account types. This
lab exercise is now complete.

27. Please notify the instructor that you have completed this lab exercise.

If you would like a copy of this lab select either the Print or the Save Page As (Control-S) menu
options from your browser’s dropdown menu.

Depending on which browser you are using, to access these menu options select either:

Select "File" from the your browser's menu, then choose either:

https://portal.ne.netscout.com/dashboard/lab_guide/440/45085/ 4/5
14/9/22, 17:53 NE | 4 - Creating User Accounts

 1.) Print > Print to PDF

 2.) Save Page As > Web Page Complete.

Or select the three dot vertical ellipsis, then choose either:

 1.) Print > Print to PDF

 2.) Save Page As > Web Page Complete.

Or select the three line hamburger menu button, then choose either:

 1.) Print > Print to PDF

 2.) Save Page As > Web Page Complete.

Select whichever method that works best with your browser.  

This completes the lab exercise for the quick installation script for your AED. For more information about the
configuration settings for your AED's installation, refer to the AED Quick Start Card / Installation
Guide and/or the Arbor Edge Defense User Guide.

© Copyright 2022 NETSCOUT, Inc. All rights reserved

https://portal.ne.netscout.com/dashboard/lab_guide/440/45085/ 5/5