jain.nitin Mon, 03/19/2007 - 00:57

Hi, you can do this with the use of privilege levels. First explain what you are trying to do. What is your requirement?



flashsplash Mon, 03/19/2007 - 02:54

You can assign a privilege number to the users. I know that level 15 gives you full access... so you need to give them a low number, which will restrict their privileges...

meganck01 Mon, 03/19/2007 - 03:23

I did. I created a user with privilege 14 and tried to go to the switch at http://x.x.x.x/level/14

but it doesn't accept my user with privilege 14 rights. It still only allows me to log on with level 15 credentials.


flashsplash Mon, 03/19/2007 - 03:36

But do you want to prevent or grant users admin rights?

If you want to make sure that they cannot harm anything, just make the account without using the privilege option. When you do this they will be prompted with the user exec mode and can only make use of the show commands and no executable commands.

If you assign them a privilege of 15, then when they connect/log in to the interfaces they will start in privileged mode.

I don't know what the impact is of the numbers between 0 and 15; maybe someone else can clear this up...

meganck01 Mon, 03/19/2007 - 04:36

I want them to be able to surf to the switch and see ports and configurations, but not be able to change anything.

If you allow them to connect in user mode (no privilege), they are not able to execute, for example, show running-config. I want them to be able to do anything, but in a read-only mode.

jain.nitin Mon, 03/19/2007 - 04:56

First of all, tell me one thing: which mode do you want them to log in with, WEB or TELNET? If you use telnet then it's easy to do, but for web I'm not sure whether you will be able to achieve that; you can try that out. But for sure it works on telnet. For that you need to define a privilege level with certain commands which are available to those users. The user can directly get the # prompt and can use only the specific commands which are defined in the privilege commands.

Some sample commands are below:

Central(config)#username junioradmin privilege 3 password test123

Central(config)#privilege exec level 3 ping

Central(config)#privilege exec level 3 traceroute

Central(config)#privilege exec level 3 show ip route

Central(config)#line vty 0 4

Central(config-line)#password test123

Central(config-line)#login local

I hope this helps. If it does, then do rate this post.
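
To review what a configuration like the sample commands above actually grants, here is an added example (not part of any post in this thread) that parses `username` and `privilege exec level` lines from an IOS configuration and lists, per user, the re-levelled exec commands that login can run. The sample config is constructed; `netadmin` and `viewer` are hypothetical users, and only the two line formats shown in the thread are handled.

```python
import re
from collections import defaultdict

# Constructed sample config, modelled on the commands quoted in the thread.
SAMPLE_CONFIG = """\
username netadmin privilege 15 secret 5 $1$CONSTRUCTED
username junioradmin privilege 3 password test123
username viewer password view123
privilege exec level 3 ping
privilege exec level 3 traceroute
privilege exec level 3 show ip route
line vty 0 4
 login local
"""

USER_RE = re.compile(r"^username\s+(\S+)(?:\s+privilege\s+(\d+))?\s+(password|secret)\b")
PRIV_RE = re.compile(r"^privilege\s+exec\s+level\s+(\d+)\s+(.+)$")

def parse_config(text):
    """Return ({user: (level, keyword)}, {level: [exec commands moved there]})."""
    users, moved = {}, defaultdict(list)
    for line in text.splitlines():
        if m := USER_RE.match(line):
            # IOS puts a user with no "privilege" keyword at level 1 (user exec).
            users[m.group(1)] = (int(m.group(2) or 1), m.group(3))
        elif m := PRIV_RE.match(line):
            moved[int(m.group(1))].append(m.group(2).strip())
    return users, dict(moved)

def extra_commands(level, moved):
    """Commands re-levelled to 2..level: a level-N login may run everything at or below N."""
    return sorted(c for lvl, cmds in moved.items() if 1 < lvl <= level for c in cmds)

def audit(text):
    """One report row per user: level, extra commands, and review findings."""
    users, moved = parse_config(text)
    report = {}
    for name, (level, keyword) in users.items():
        findings = []
        if level == 15:
            findings.append("full privilege")
        if keyword == "password":
            findings.append("uses 'password' keyword rather than 'secret'")
        report[name] = {"level": level, "extra": extra_commands(level, moved), "findings": findings}
    return report

if __name__ == "__main__":
    for user, row in audit(SAMPLE_CONFIG).items():
        print(user, row)
```
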


jain.nitin Mon, 03/19/2007 - 04:41

Hi, if you try to access the switch via the web interface then you need to define the authentication option as local; then it will ask for local authentication. The command would be ip http auth local. Before doing this you have to have users defined on your device.




