Configuring users

Answered Question
Sep 6th, 2008
User Badges:

I would like to configure 2 groups of users on my 4500s using local authentication .The first group would have access only to the show commands and at the test tdr commands.The other user group would have unlimited access.Is it possible to do it through local authentication or i have to use a RADIUS or TACACS+ server?Keep in mind that the users will access the switches through telnet

Correct Answer by Jagdeep Gambhir about 8 years 8 months ago

If you go for Local use local authentication /authorization then you need to do it on per user basis and not on group basis. Locally we don't have any group. See this link


http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml


Best way to manage this set up is via radius or tacacs and set up command authorization using tacacs.


http://cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml


Regards,

~JG


Do rate helpful posts


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jagdeep Gambhir Sat, 09/06/2008 - 06:02
User Badges:
  • Red, 2250 points or more

If you go for Local use local authentication /authorization then you need to do it on per user basis and not on group basis. Locally we don't have any group. See this link


http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml


Best way to manage this set up is via radius or tacacs and set up command authorization using tacacs.


http://cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml


Regards,

~JG


Do rate helpful posts


k.protopapas Wed, 09/10/2008 - 00:40
User Badges:

Further to that i would like to log the configuration changes on the switches.

Actions

This Discussion