limited priv on router/switch

Jul 19th, 2010
Hello


How do I allow a user with limited command privilege on a router and switch?


Once the user has SSHed to the router or switch, they can run these commands on the router:

show cdp neigh

show ip interface brief

ping


The user will be created locally on the switch or router.


==== I tested this but it doesn't work ===============



aaa authentication login default local
aaa authorization exec default local


username admin priv 15 password abcd

username  helpdesk priv 0 password helpdesk


priv exec level 0 ping
priv exec level 0 sh interface
priv exec level 0 show cdp neigh
priv exec level 15 clear line


line vty 0 4
priv level 15
transport input telnet ssh


=========================================

thanks

ST

Chetan Kumar Ress Mon, 07/19/2010 - 13:35

Hi Saquib


You should not use "privilege level 15" under line vty. Without configuring AAA you can use the commands below to achieve what you want.


priv exec level 0 ping
priv exec level 0 sh interface
priv exec level 0 show cdp neigh
priv exec level 15 clear line  ---- no need to configure this command; priv 15 already has all access


line vty 0 4
login local

transport input telnet ssh



Regards

Chetan Kumar
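As an added example (not part of Chetan's or the original poster's configuration), here is the complete local-user setup the thread converges on, written out end to end so the pieces can be seen together: the three requested commands assigned to level 0, a level-0 help-desk account and a level-15 admin account, and vty lines that authenticate against the local database without forcing a privilege level. Usernames and the secret placeholders are assumptions; replace them before use.

```cisco
! Added example, not the original poster's config. <...> values are placeholders.
!
! 1. Move only the three requested commands down to privilege level 0.
!    A level-0 user otherwise gets just disable, enable, exit, help and logout.
!    Caveat: Cisco IOS also lowers the parent keywords of each command to that
!    level, so "show", "show ip" and "show ip interface" become usable at level 0.
privilege exec level 0 show cdp neighbors
privilege exec level 0 show ip interface brief
privilege exec level 0 ping
!
! 2. Local accounts. "secret" stores a hash; "password" stores cleartext
!    (or reversible type 7 if service password-encryption is on).
username admin privilege 15 secret <ADMIN-SECRET>
username helpdesk privilege 0 secret <HELPDESK-SECRET>
!
! 3. Lines authenticate against the local database. No "privilege level 15"
!    here: that line-level setting is what overrode the per-user level in the
!    original attempt. SSH only, since the question is about SSH access.
line vty 0 4
 login local
 transport input ssh
!
! 4. Optional AAA form. With aaa new-model, exec authorization is what applies
!    the username's privilege level; without it, "login local" does that.
! aaa new-model
! aaa authentication login default local
! aaa authorization exec default local
!
! Verify after logging in as helpdesk: "show privilege" should report
! "Current privilege level is 0", and "show running-config" should be rejected.
```

The level-0 approach matches the original poster's goal of allowing exactly these commands; raising the account to a custom level such as 5 instead would also grant everything at levels 1 through 4, including the default level-1 show commands, which is more than the question asked for.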

Ganesh Hariharan Mon, 07/19/2010 - 22:52


Hi ST,


In order to create a local database you can use the commands below to create a user database:


username admin priv 15 password cisco

username bob priv 7 password cisco


The above usernames will be assigned privilege 15 and 7 respectively. Once these users are created, you need to enable login on the lines to use the local database instead of just the line password, or no password at all.


To tell each line to use these new user logins, you must go to each line and perform the login local command.


And in order to restrict some privilege levels from using commands, check out the link below for the IOS privilege level commands in Cisco:


http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml


Hope to Help !!


Ganesh.H


Remember to rate the helpful post
