We have started deploying some 3650 and 3750 switches in a healthcare environment. They will be managed by one senior and two junior engineers. While I like using the web based device manager to do a quick check of the port utilization and general health of a switch, I would like to ensure that it can not be used to reset or configure the switch in any way. Is this possible? I see that it requires level 15 access to login, which is the highest privilege level.
Cisco ASDM Version 5.0F integrates an array of robust security services to prevent unauthorized administrative access to a device. It supports a wide range of methods for authenticating administrators, including a local authentication database on a Cisco FWSM, or via a RADIUS/TACACS server. All communications between Cisco ASDM (running on an administrator's computer) and the security appliance are encrypted using Secure Sockets Layer (SSL) with either 56-bit Data Encryption Standard (DES) or the more secure 168-bit Triple DES (3DES) algorithm. Cisco ASDM supports up to 16 levels of customizable administrative access, granting administrators and operations personnel the appropriate level of permissions for every Cisco security appliance they manage (for example, monitor-only, read-only access to the configuration).
Nice, but this question is for a switch, not a PIX or ASA. The answer that I got from TAC was no; since it requires level 15 access there is no way to make it read-only.
I award you no points, and may God have mercy on your soul.
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
