I've got a few hundred edge user switches (mostly 2950s) which I've set up for AAA with ACS 4.0 to allow some technicians to access the edge switches and change speed/duplex/description and shutdown/no shutdown the fastethernet interfaces only (the gigabitethernet being used for uplinks).
The technicians access the switches using the switch web GUI and the setup works fine. The shell command authorization set on the ACS allows the technicians to use the appropriate commands through the web GUI, e.g. the cluster command.
Accessing the switches through the web GUI has proved pretty slow and insecure with the 2950s not supporting HTTPS. I'm having a look at replacing the technicians' access with Cisco Network Assistant CNA (v5.4) and I'm having a few problems:
1. When I change a fastethernet interface description, the command that the ACS authorizes is simply "service=shell cmd=description 1 <cr>" with no mention of whether the interface is fastethernet or gigabitethernet. If I authorize the description/speed/duplex commands, they can be used on both fastethernet and gigabitethernet.
2. When I modify a port setting on a 2950 using CNA and click "Preview CLI", the resulting window is blank, whereas it isn't with a 2960.
Is it possible to have the particular granular access I'm looking for with CNA/ACS and the 2950 platform? Used a number of IOS revs including latest. Management are keen to use some form of GUI for this rather than giving out CLI access to the switches.