What I really want is to allow my techs to use the Web interface on our 2960 and 3560 Switches to help troubleshoot issues.
I have it working throug Tacacs now but it order to login you have to have privilege of 15. I do not want to give my techs privelege 15 so I am trying to see if you can access the web console at a lower privelege.
Preferrably I would like the techs to see the pretty interface but not be able to make permanent changes.
Is this even possible? I tried doing this by setting the "ip http authentication aaa command-authorization 5 HTTPOnly". I then set the "aaa authorization command" for HTTPOnly to 5. This did not seem to allow a users with a Tacacs privilege of 5 to login. On the debug it is still asking to for level 15 privelege.
Any help would be apreciated.