02-05-2008 01:40 PM - edited 03-05-2019 08:57 PM
I want to permit helpdesk people to change some interfaces parameters for let say fastethernet port only. Since my uplink are Gigabit, I would like blocking them any changes on those.
Does anybody know a way to control that ? I am able with the privilege command to open change for interface command but it seem that i can not be more granular !
02-11-2008 01:43 PM
You can enable role based cli through this each user can access some set of commands and interfaces only.
02-12-2008 05:35 AM
Am I able to define 2 sets of interfaces: one that can permit users to modify their parameters and the others not allowing that ?
If yes can you be explicit of how I can do that ?
Thanks
02-13-2008 12:58 AM
create some alias exec commands to refer to interaces you want to allow and then setup user profile to use the alias exec commands.
02-13-2008 12:01 PM
1) from my tests, commands embedded in alias are check against user profile, so you can not fool the system.
2) Giving the interface command, I am not able to specify which interface they can go or not!.
Somebody have a clue to simulate below:
Extra note : I want to be able to create 2 group of interfaces, let say: uplinkport and userport. Uplinkport could only be change by privilege 15 and userport by a different privilege,
02-14-2008 02:16 AM
have you tried to put the alias into a menu for each type of user ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide