Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
692
Views
0
Helpful
2
Replies

limited priv on router/switch

saquib.tandel
Level 1
Level 1

‎07-19-2010 01:10 PM - edited ‎03-06-2019 12:05 PM

Hello

How do I allow  a user with limited command privilege on a router and switch

user once ssh to the router or switch can run these command on the router.

show cdp neigh

show ip interface brief

ping

user will be created locally  on the switch or router

==== I tested this but doesnt work ===============

aaa authentication login default local
aaa authorization exec default local

username admin priv 15 password abcd

username  helpdesk priv 0 password helpdesk

priv exec level 0 ping
priv exec level 0 sh interface
priv exec level 0 show cdp neigh
priv exec level 15 clear line

line vty 0 4
priv level 15
tranport input telnet ssh

=========================================

thanks

ST

Labels:
0 Helpful
2 Replies 2

Chetan Kumar Ress
Level 4
Level 4

‎07-19-2010 01:35 PM

Hi Saquib

You should not user privi 15 user line vty.  Without configuring AAA you can use below command to achive what you want.

priv exec level 0 ping
priv exec level 0 sh interface
priv exec level 0 show cdp neigh
priv exec level 15 clear line  ---- no need to config this command , Priv 15 is having  all access

line vty 0 4
login local

tranport input telnet ssh

Regards

Chetan Kumar

0 Helpful

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎07-19-2010 10:52 PM 

Hello
How do I allow  a user with 
limited command privilege on a router and switch
user once 
ssh to the router or switch can run these command on the router.
show
 cdp neigh
show ip interface brief
ping
user will be
 created locally  on the switch or router
==== I tested this but doesnt work 
===============
aaa
 authentication login default local
aaa authorization exec default 
local
username
 admin priv 15 password abcd
username  helpdesk priv 0 password 
helpdesk
priv
 exec level 0 ping 
priv exec level 0 sh interface 
priv exec 
level 0 show cdp neigh
priv exec level 15 clear line
line vty 0 4
priv
 level 15
tranport input telnet ssh
=========================================
thanks
ST

Hi ST,

In order to create local data base you can use the command to create a user database

username admin priv 15 password cisco

username bob priv 7 password cisco

Following username will be assign with privillage 15 and 7 respectively,Once these users are created, you need to enable the login on the lines  to use the local database instead of just the line password, or no  password at all.

To tell each line to use these new user logins, you must go to each line  and perform the login local command.

and in order to restrict some privillage level to use the command check out the below link for ios privillage level command in cisco

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card