Users and privilege levels

Answered Question
Aug 9th, 2007

I want to create a user on my 1720 so other IT people can log in but have limited privileges. All I really want them to be able to do is see the output of a 'sh int Sx/x' or 'sh service-module' to see if a T1 circuit is down. I have an encrypted secret password which I won't give out so it should keep them from doing an 'enable' but I'm not sure. Any help would be appreciated.

Correct Answer by wochanda about 9 years 6 months ago

line vty 0 4

login local

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
wochanda Thu, 08/09/2007 - 06:47

Of these 2 commands, only 'show interface' is supported at the disable prompt (>) by default. The easiest way I can think to accommodate both commands is to change the privilege level for the 'show service-module' command. To do that you can configure:

2811-113(config)#privilege exec level 0 show service-module

This will allow you to do the 'show service-module' command from the disable prompt.

If you need to get more advanced with this, you can create different privilege levels and make logins for each. For more about this, look at this link:

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00803f3bb7.html

qbakies11 Thu, 08/09/2007 - 07:12

Ok, that was helpful, but I don't see in that document how to get it to prompt for a UN/PW when you connect through telnet. Right now when I telnet in it just prompts me for the telnet password that I have set and not for user credentials. It did let me create users however.

Actions

This Discussion