Read-Only Access to Web Based Device Manager?

Unanswered Question
Jun 14th, 2007

We have started deploying some 3650 and 3750 switches in a healthcare environment. They will be managed by one senior and two junior engineers. While I like using the web-based device manager to do a quick check of the port utilization and general health of a switch, I would like to ensure that it cannot be used to reset or configure the switch in any way. Is this possible? I see that it requires level 15 access to log in, which is the highest privilege level.

Anonymous (not verified) Thu, 06/21/2007 - 11:05

Cisco ASDM Version 5.0F integrates an array of robust security services to prevent unauthorized administrative access to a device. It supports a wide range of methods for authenticating administrators, including a local authentication database on a Cisco FWSM, or via a RADIUS/TACACS server. All communications between Cisco ASDM (running on an administrator's computer) and the security appliance are encrypted using Secure Sockets Layer (SSL) with either 56-bit Data Encryption Standard (DES) or the more secure 168-bit Triple DES (3DES) algorithm. Cisco ASDM supports up to 16 levels of customizable administrative access, granting administrators and operations personnel the appropriate level of permissions for every Cisco security appliance they manage (for example, monitor-only, read-only access to the configuration).

http://cisco.com/en/US/products/hw/modules/ps2706/products_data_sheet0900aecd803ded77.html


johnnylingo Thu, 06/21/2007 - 12:17

Nice, but this question is for a switch, not a PIX or ASA. The answer that I got from TAC was no; since it requires level 15 access there is no way to make it read-only.




I award you no points, and may God have mercy on your soul.
