user accounts ???

Unanswered Question
Sep 5th, 2007

Dear All,

I want to make accounts for each user access the Cisco devices. but is there a way that for example if I created a username as aaa and password as bbb

is there a way that user aaa can change his/her password by him self , but he/she at the same time should be unable to change other passwords for the other users.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Wed, 09/12/2007 - 06:37


Perhaps there is some ambiguity in the post from Mohammad which he could clarify. When he talks about creating user accounts I am not clear whether he is talking about creating user accounts directly on the router using the command username (I assume that this is what he intends) or whether he is talking about creating user accounts in a TACACS or Radius server and configuring aaa authentication on the cisco device. Perhaps we can get some clarification on this.

If it is user accounts directly on the router then for aaa to change his password he must have privilege level 15 and access to configuration mode. In this case he can change the password of anyone. Without access to configuration mode aaa can not change his own password.

If the user account is on a TACACS or Radius server there is usually an ability for the user to change their own password but not to change passwords for any other users.



mohammad-yousef Mon, 09/17/2007 - 03:50

Thanks for you both,

I was asking in general for both cases using CLI or using AAA servers.

Now the question is how to make it using ACS server , I mean how to create users that are able to change only their passwords and able to do anything but unable to change others passwords ???

Thanks in advance..


This Discussion