
Readonly access to switches

meganck01
Level 1

Hi,

How can I give someone read-only access to mainly 2950 switches? It would be great if they could surf to the switch with a read-only level.

Already saw some config with http://ip_address/level/7/ but I was still asked for a level 15 uid + pwd.

Regards,

kristine


jain.nitin
Level 3

Hi, you can do this with the use of privilege levels. First, explain what you are trying to do. What is your requirement?

Thanks

Ninja

You can assign a privilege number to the users. I know that level 15 gives you full access... so you need to give them a low number, which will restrict their privileges...

ciao flash

I did. I created a user with privilege 14 and tried to go to the switch at http://x.x.x.x/level/14

but it doesn't accept my user with privilege 14 rights. It still only allows me to log on with level 15 credentials.

kristine

But do you want to prevent or grant users admin rights?

If you want to make sure that they cannot harm anything, just make the account without using the privilege option. When you do this, they will be prompted with the user exec mode and can only make use of the show commands and no executable commands.

If you assign them a privilege of 15, then when they connect/log in to the interfaces they will start in privileged mode.

I don't know what the impact is of the numbers between 0 and 15; maybe someone else can clear this up...

ciao flash

I want them to be able to surf to the switch, see ports and configurations but not able to change anything.

If you allow them to connect in user mode (no privilege), they are not able to execute, e.g., show running-config. I want them to be able to do anything, but in a read-only mode.

First of all, tell me one thing: which mode do you want them to log in with, web or Telnet? If you use Telnet then it's easy to do, but for web I'm not sure whether you will be able to achieve that; you can try it out. But it works on Telnet for sure. For that, you need to define a privilege level with certain commands which are available to those users. The user directly gets the # prompt and can use only the specific commands which are defined with the privilege commands.

Some sample commands are below:

Central(config)#username junioradmin privilege 3 password test123

.

.

.

Central(config)#privilege exec level 3 ping

Central(config)#privilege exec level 3 traceroute

Central(config)#privilege exec level 3 show ip route

Central(config)#line vty 0 4

Central(config-line)#password test123

Central(config-line)#login local

I hope this would help. If it does then do rate this post.

Ninja

Hi, if you try to access the switch via the web interface then you need to set the authentication option to local; then it will ask for local authentication. The command would be ip http auth local. Before doing this you have to have users defined on your device.

Thanks

Ninja
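Added example, not part of any reply above: a small Python audit that reads an IOS configuration and reports which commands reassigned with `privilege exec level` each local user can reach, plus whether the web server is set to authenticate against local usernames as the last reply describes. The sample config is constructed from the commands quoted in the thread; the `viewer` and `netadmin` users, the level 7 line and the function name `audit` are assumptions made for illustration.

```python
import re

# Constructed sample, modeled on the commands quoted in the thread.
SAMPLE_CONFIG = """\
username junioradmin privilege 3 password test123
username netadmin privilege 15 password constructed1
username viewer password constructed2
privilege exec level 3 ping
privilege exec level 3 traceroute
privilege exec level 3 show ip route
privilege exec level 7 show startup-config
ip http server
line vty 0 4
 password test123
 login local
"""

USER_RE = re.compile(r"^username (\S+)(?: privilege (\d+))? password\b")
PRIV_RE = re.compile(r"^privilege exec level (\d+) (.+)$")

def audit(config):
    """Return (per-user report, findings) for an IOS configuration text."""
    users, moved, findings = {}, [], []
    lines = [ln.strip() for ln in config.splitlines()]
    for ln in lines:
        if m := USER_RE.match(ln):
            # A username without the privilege keyword logs in at level 1.
            users[m.group(1)] = int(m.group(2) or 1)
        elif m := PRIV_RE.match(ln):
            moved.append((int(m.group(1)), m.group(2)))
    # A user reaches every reassigned command at or below their own level.
    report = {
        name: {"level": lvl,
               "reassigned_cmds": sorted(c for l, c in moved if l <= lvl)}
        for name, lvl in users.items()
    }
    for name, lvl in users.items():
        if lvl == 15:
            findings.append(f"{name}: level 15, full access")
    # Per the last reply, web logins use local users only with this command.
    if "ip http server" in lines and "ip http authentication local" not in lines:
        findings.append("HTTP server on without 'ip http authentication local'")
    return report, findings

if __name__ == "__main__":
    report, findings = audit(SAMPLE_CONFIG)
    for name, info in report.items():
        print(name, info)
    print(*findings, sep="\n")
```

Note that `viewer`, created without a privilege option, reaches none of the reassigned commands: `ping` and `traceroute` were moved up to level 3 by the sample lines, so they are no longer available at level 1.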
