Getting the Switch Web Interface to run at a lower privilege

Unanswered Question
Apr 30th, 2008
User Badges:

Hi All,

What I really want is to allow my techs to use the Web interface on our 2960 and 3560 Switches to help troubleshoot issues.

I have it working throug Tacacs now but it order to login you have to have privilege of 15. I do not want to give my techs privelege 15 so I am trying to see if you can access the web console at a lower privelege.

Preferrably I would like the techs to see the pretty interface but not be able to make permanent changes.

Is this even possible? I tried doing this by setting the "ip http authentication aaa command-authorization 5 HTTPOnly". I then set the "aaa authorization command" for HTTPOnly to 5. This did not seem to allow a users with a Tacacs privilege of 5 to login. On the debug it is still asking to for level 15 privelege.

Any help would be apreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jagdeep Gambhir Thu, 05/01/2008 - 07:48
User Badges:
  • Red, 2250 points or more

I don't think that is possible. We need to have priv 15 for http accesses. It is possible with ASA asdm but not sure about SDM.

Will check it and let you know.



blittrell Thu, 05/01/2008 - 08:07
User Badges:

Thanks for checking:)

Was also wondering what the command-authorization is for, if not to set the privelege level for accessing the SDM.



This Discussion