04-30-2008 01:08 PM - edited 03-10-2019 03:49 PM
Hi All,
What I really want is to allow my techs to use the Web interface on our 2960 and 3560 Switches to help troubleshoot issues.
I have it working throug Tacacs now but it order to login you have to have privilege of 15. I do not want to give my techs privelege 15 so I am trying to see if you can access the web console at a lower privelege.
Preferrably I would like the techs to see the pretty interface but not be able to make permanent changes.
Is this even possible? I tried doing this by setting the "ip http authentication aaa command-authorization 5 HTTPOnly". I then set the "aaa authorization command" for HTTPOnly to 5. This did not seem to allow a users with a Tacacs privilege of 5 to login. On the debug it is still asking to for level 15 privelege.
Any help would be apreciated.
05-01-2008 07:48 AM
I don't think that is possible. We need to have priv 15 for http accesses. It is possible with ASA asdm but not sure about SDM.
Will check it and let you know.
Regards,
~JG
05-01-2008 08:07 AM
Thanks for checking:)
Was also wondering what the command-authorization is for, if not to set the privelege level for accessing the SDM.
Thanks!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide