3750- 12.2(37) Different privilege level for interfaces

Unanswered Question
Feb 5th, 2008

I want to permit helpdesk people to change some interfaces parameters for let say fastethernet port only. Since my uplink are Gigabit, I would like blocking them any changes on those.

Does anybody know a way to control that ? I am able with the privilege command to open change for interface command but it seem that i can not be more granular !

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mchin345 Mon, 02/11/2008 - 13:43

You can enable role based cli through this each user can access some set of commands and interfaces only.

robetrem Tue, 02/12/2008 - 05:35

Am I able to define 2 sets of interfaces: one that can permit users to modify their parameters and the others not allowing that ?

If yes can you be explicit of how I can do that ?

Thanks

rgodden Wed, 02/13/2008 - 00:58

create some alias exec commands to refer to interaces you want to allow and then setup user profile to use the alias exec commands.

robetrem Wed, 02/13/2008 - 12:01

1) from my tests, commands embedded in alias are check against user profile, so you can not fool the system.

2) Giving the interface command, I am not able to specify which interface they can go or not!.

Somebody have a clue to simulate below:

Extra note : I want to be able to create 2 group of interfaces, let say: uplinkport and userport. Uplinkport could only be change by privilege 15 and userport by a different privilege,

rgodden Thu, 02/14/2008 - 02:16

have you tried to put the alias into a menu for each type of user ?

Actions

This Discussion