07-19-2010 01:10 PM - edited 03-06-2019 12:05 PM
Hello
How do I allow a user with limited command privileges on a router and switch?
The user, once connected over SSH to the router or switch, can run these commands on the router:
show cdp neigh
show ip interface brief
ping
The user will be created locally on the switch or router.
==== I tested this but it doesn't work ===============
aaa authentication login default local
aaa authorization exec default local
username admin priv 15 password abcd
username helpdesk priv 0 password helpdesk
priv exec level 0 ping
priv exec level 0 sh interface
priv exec level 0 show cdp neigh
priv exec level 15 clear line
line vty 0 4
priv level 15
transport input telnet ssh
=========================================
thanks
ST
07-19-2010 01:35 PM
Hi Saquib
You should not use priv 15 under line vty. Without configuring AAA, you can use the commands below to achieve what you want.
priv exec level 0 ping
priv exec level 0 sh interface
priv exec level 0 show cdp neigh
priv exec level 15 clear line ---- no need to configure this command; priv 15 has all access
line vty 0 4
login local
transport input telnet ssh
Regards
Chetan Kumar
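An added example, not part of any post in this thread: a small Python check that parses the configuration posted in the question and reports which of the requested commands have no `privilege exec level` entry at the helpdesk user's level, and which vty lines carry a higher `privilege level` than that user. The function names, the word-by-word abbreviation rule in `covers` and the sample text layout are assumptions made for illustration; IOS built-in default command levels are not modelled.

```python
import re

# Constructed sample: the configuration posted in the question, abbreviations as posted.
SAMPLE_CONFIG = """\
username admin priv 15 password abcd
username helpdesk priv 0 password helpdesk
priv exec level 0 ping
priv exec level 0 sh interface
priv exec level 0 show cdp neigh
priv exec level 15 clear line
line vty 0 4
priv level 15
"""
WANTED = ["show cdp neigh", "show ip interface brief", "ping"]  # from the question

USER_RE = re.compile(r"^username (\S+) priv\S* (\d+)")
EXEC_RE = re.compile(r"^priv\S* exec level (\d+) (.+)$")
LINE_PRIV_RE = re.compile(r"^priv\S* level (\d+)")


def parse(config):
    """Collect user levels, re-levelled exec commands and per-line privilege levels."""
    users, moved, line_levels, current = {}, [], [], None
    for text in (raw.strip() for raw in config.splitlines()):
        if text.startswith("line "):
            current = text  # remember which line block we are in
        elif m := USER_RE.match(text):
            users[m.group(1)] = int(m.group(2))
        elif m := EXEC_RE.match(text):
            moved.append((int(m.group(1)), m.group(2)))
        elif current and (m := LINE_PRIV_RE.match(text)):
            line_levels.append((current, int(m.group(1))))
    return users, moved, line_levels


def covers(entry, wanted):
    """Assumed rule: each word of the entry abbreviates the matching word of `wanted`."""
    e, w = entry.split(), wanted.split()
    return len(e) <= len(w) and all(full.startswith(abbr) for abbr, full in zip(e, w))


def audit(config, user, wanted):
    """Return (wanted commands with no entry at the user's level, vty lines above it)."""
    users, moved, line_levels = parse(config)
    allowed = [cmd for level, cmd in moved if level <= users[user]]
    missing = [w for w in wanted if not any(covers(cmd, w) for cmd in allowed)]
    high = [name for name, level in line_levels
            if name.startswith("line vty") and level > users[user]]
    return missing, high


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "helpdesk", WANTED))
```
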
07-19-2010 10:52 PM
Hi ST,
In order to create a local database, you can use these commands to create a user database:
username admin priv 15 password cisco
username bob priv 7 password cisco
The following usernames will be assigned privilege 15 and 7 respectively. Once these users are created, you need to enable login on the lines to use the local database instead of just the line password, or no password at all.
To tell each line to use these new user logins, you must go to each line and perform the login local command.
And in order to restrict some privilege level to use the command, check out the link below for the IOS privilege level command in Cisco:
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml
Hope to Help !!
Ganesh.H
Remember to rate the helpful post