Read-Only Access to Web Based Device Manager?

Unanswered Question
Jun 14th, 2007

We have started deploying some 3650 and 3750 switches in a healthcare environment. They will be managed by one senior and two junior engineers. While I like using the web-based device manager to do a quick check of the port utilization and general health of a switch, I would like to ensure that it cannot be used to reset or configure the switch in any way. Is this possible? I see that it requires level 15 access to log in, which is the highest privilege level.

Anonymous (not verified) Thu, 06/21/2007 - 11:05

Cisco ASDM Version 5.0F integrates an array of robust security services to prevent unauthorized administrative access to a device. It supports a wide range of methods for authenticating administrators, including a local authentication database on a Cisco FWSM, or via a RADIUS/TACACS server. All communications between Cisco ASDM (running on an administrator's computer) and the security appliance are encrypted using Secure Sockets Layer (SSL) with either 56-bit Data Encryption Standard (DES) or the more secure 168-bit Triple DES (3DES) algorithm. Cisco ASDM supports up to 16 levels of customizable administrative access, granting administrators and operations personnel the appropriate level of permissions for every Cisco security appliance they manage (for example, monitor-only, read-only access to the configuration).

http://cisco.com/en/US/products/hw/modules/ps2706/products_data_sheet0900aecd803ded77.html

johnnylingo Thu, 06/21/2007 - 12:17

Nice, but this question is for a switch, not a PIX or ASA. The answer that I got from TAC was no; since it requires level 15 access there is no way to make it read-only.

I award you no points, and may God have mercy on your soul.
