Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
397
Views
0
Helpful
2
Replies

Getting the Switch Web Interface to run at a lower privilege

blittrell
Level 1
Level 1

‎04-30-2008 01:08 PM - edited ‎03-10-2019 03:49 PM

Hi All,

What I really want is to allow my techs to use the Web interface on our 2960 and 3560 Switches to help troubleshoot issues.

I have it working throug Tacacs now but it order to login you have to have privilege of 15. I do not want to give my techs privelege 15 so I am trying to see if you can access the web console at a lower privelege.

Preferrably I would like the techs to see the pretty interface but not be able to make permanent changes.

Is this even possible? I tried doing this by setting the "ip http authentication aaa command-authorization 5 HTTPOnly". I then set the "aaa authorization command" for HTTPOnly to 5. This did not seem to allow a users with a Tacacs privilege of 5 to login. On the debug it is still asking to for level 15 privelege.

Any help would be apreciated.

Labels:
0 Helpful
2 Replies 2

Jagdeep Gambhir
Level 10
Level 10

‎05-01-2008 07:48 AM

I don't think that is possible. We need to have priv 15 for http accesses. It is possible with ASA asdm but not sure about SDM.

Will check it and let you know.

Regards,

~JG

0 Helpful

blittrell
Level 1
Level 1
In response to Jagdeep Gambhir

‎05-01-2008 08:07 AM

Thanks for checking:)

Was also wondering what the command-authorization is for, if not to set the privelege level for accessing the SDM.

Thanks!!

0 Helpful
Customers Also Viewed These Support Documents