03-17-2007 05:25 PM - edited 03-05-2019 02:58 PM
Hi,
How can I give someone read-only access to mainly 2950 switches? It would be great if they could surf to the switch with a read-only level.
I already saw some config with http://ip_address/level/7/, but I was still asked for a level 15 uid + pwd.
Regards,
kristine
03-19-2007 12:57 AM
Hi, you can do this with the use of privilege levels. First explain what you are trying to do. What is your requirement?
Thanks
Ninja
03-19-2007 02:54 AM
You can assign a privilege number to the users. I know that level 15 gives you full access... so you need to give them a low number which will restrict their privileges...
ciao flash
03-19-2007 03:23 AM
I did. I created a user with privilege 14 and tried to go to the switch at http://x.x.x.x/level/14,
but it doesn't accept my user with privilege 14 rights. It still only allows me to log on with level 15 credentials.
kristine
03-19-2007 03:36 AM
But do you want to prevent or grant users admin rights?
If you want to prevent them from harming anything, just make the account without using the privilege option. When you do this they will be presented with user exec mode and can only make use of the show commands and no executable commands.
If you assign them a privilege of 15, then when they connect/log in to the interfaces they will start in privileged mode.
I don't know what the impact is of the numbers between 0 and 15; maybe someone else can clear this up...
ciao flash
03-19-2007 04:36 AM
I want them to be able to surf to the switch and see ports and configurations, but not be able to change anything.
If you allow them to connect in user mode (no privilege), they are not able to execute e.g. show running-config. I want them to be able to do anything, but in a read-only mode.
03-19-2007 04:56 AM
First of all, tell me one thing: which mode do you want them to log in with, web or Telnet? If you use Telnet then it's easy to do, but for web I'm not sure whether you will be able to achieve that; you can try it out. But for sure it works on Telnet. For that you need to define a privilege level with certain commands which are available to those users. The user gets the # prompt directly and can use only the specific commands which are defined in the privilege commands.
Some sample commands are below:
Central(config)#username junioradmin privilege 3 password test123
.
.
.
Central(config)#privilege exec level 3 ping
Central(config)#privilege exec level 3 traceroute
Central(config)#privilege exec level 3 show ip route
Central(config-line)#line vty 0 4
Central(config-line)#password test123
Central(config-line)#login local
I hope this would help. If it does then do rate this post.
Ninja
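Added example, not part of the original post or of any Cisco tooling: a small Python audit that reads an IOS config like the one above and reports which reassigned commands each local user can run, plus anything that conflicts with a read-only goal. The function name `audit` and the findings wording are assumptions; the sample config is constructed from the commands quoted in this thread.

```python
import re

# Constructed sample: the commands quoted in the post above, plus the
# "ip http authentication local" line suggested elsewhere in the thread.
SAMPLE_CONFIG = """\
username junioradmin privilege 3 password test123
privilege exec level 3 ping
privilege exec level 3 traceroute
privilege exec level 3 show ip route
ip http authentication local
line vty 0 4
 password test123
 login local
"""

USER_RE = re.compile(r"^username (\S+)(?: privilege (\d+))? (password|secret)\b")
PRIV_RE = re.compile(r"^privilege (\S+) level (\d+) (.+)$")


def audit(config):
    """Return (per-user reassigned commands, findings) for an IOS config text."""
    users, moved, findings = {}, [], []
    for raw in config.splitlines():
        line = raw.strip()
        m = USER_RE.match(line)
        if m:
            # A username without an explicit privilege defaults to level 1.
            name, level, kind = m.group(1), int(m.group(2) or 1), m.group(3)
            users[name] = level
            if kind == "password":
                findings.append(f"{name}: 'password' is clear text or reversible; use 'secret'")
            if level == 15:
                findings.append(f"{name}: level 15 is full access, not read-only")
            continue
        m = PRIV_RE.match(line)
        if m:
            mode, level, cmd = m.group(1), int(m.group(2)), m.group(3)
            moved.append((mode, level, cmd))
            # Anything outside exec mode, or 'configure' itself, grants write access.
            if level < 15 and (mode != "exec" or cmd.startswith("configure")):
                findings.append(f"level {level}: '{mode} {cmd}' can change the device")
    if users and "ip http authentication local" not in config:
        findings.append("no 'ip http authentication local' line found for web logins")
    # A user can run every reassigned command at or below their own level.
    access = {u: sorted(c for _, lvl, c in moved if lvl <= ulvl)
              for u, ulvl in users.items()}
    return access, findings
```

Calling `audit(SAMPLE_CONFIG)` returns the command list per user and the list of findings; an empty findings list means none of these checks fired, not that the device is read-only.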
03-19-2007 04:41 AM
Hi, if you try to access the switch via the web interface then you need to define the authentication option local; then it will ask for local authentication. The command would be ip http auth local. Before doing this you have to have users defined on your device.
Thanks
Ninja