3750- 12.2(37) Different privilege level for interfaces

Unanswered Question
Feb 5th, 2008
User Badges:

I want to permit helpdesk people to change some interfaces parameters for let say fastethernet port only. Since my uplink are Gigabit, I would like blocking them any changes on those.

Does anybody know a way to control that ? I am able with the privilege command to open change for interface command but it seem that i can not be more granular !

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mchin345 Mon, 02/11/2008 - 13:43
User Badges:
  • Silver, 250 points or more

You can enable role based cli through this each user can access some set of commands and interfaces only.

robetrem Tue, 02/12/2008 - 05:35
User Badges:

Am I able to define 2 sets of interfaces: one that can permit users to modify their parameters and the others not allowing that ?

If yes can you be explicit of how I can do that ?


rgodden Wed, 02/13/2008 - 00:58
User Badges:
  • Bronze, 100 points or more

create some alias exec commands to refer to interaces you want to allow and then setup user profile to use the alias exec commands.

robetrem Wed, 02/13/2008 - 12:01
User Badges:

1) from my tests, commands embedded in alias are check against user profile, so you can not fool the system.

2) Giving the interface command, I am not able to specify which interface they can go or not!.

Somebody have a clue to simulate below:

Extra note : I want to be able to create 2 group of interfaces, let say: uplinkport and userport. Uplinkport could only be change by privilege 15 and userport by a different privilege,

rgodden Thu, 02/14/2008 - 02:16
User Badges:
  • Bronze, 100 points or more

have you tried to put the alias into a menu for each type of user ?


This Discussion