Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1088
Views
0
Helpful
0
Replies

Nexus 5k local user role permissions

BrianEschen
Level 1
Level 1

‎06-24-2015 09:10 AM - edited ‎02-21-2020 05:31 AM

I am trying to create a custom role for a local user on the switch. Does anyone have some experience? I only want it to have access to do these 3 commands:

show queuing interface ethernet 1/3
show interface ethernet 1/3 counters detailed
show interface port-channel 3 counters detailed

this is the config I came up with, but I must be missing something...

Role: overrunROLE
  Description: ROLE for locking down overrun user
  vsan policy: permit (default)
  Vlan policy: deny
  Permitted vlans: none
  Interface policy: deny
  Permitted interfaces:
  port-channel3
  Ethernet1/3
  Vrf policy: deny
  Permitted vrfs:
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity
  -------------------------------------------------------------------
  4       permit  command                         show queuing interface ethernet 1/3
  3       permit  command                         show interface ethernet 1/3 counters detailed
  2       permit  command                         show interface port-channel 3 counters detailed

This is what happens on the switch when I try to enter the commands I can go as far as entering the interface number and then I get the permission deny error.

n5k# ?
  configure  Enter configuration mode
  show       Show running system information
  end        Go to exec mode
  exit       Exit from command interpreter

n5k# show ?
  interface  Show interface status and information
  queuing    Show interface queuing information

n5k# show interface ?
  <CR>
  >             Redirect it to a file
  >>            Redirect it to a file in append mode
  ethernet      Ethernet IEEE 802.3z
  port-channel  Port Channel interface
  |             Pipe command output to filter

n5k# show interface ethernet 1/3
% Permission denied for the role

n5k# show interface port-channel 3
% Permission denied for the role

n5k# show queuing interface ?
  <CR>
  >         Redirect it to a file
  >>        Redirect it to a file in append mode
  ethernet  Ethernet IEEE 802.3z
  |         Pipe command output to filter

n5k# show queuing interface ethernet 1/3
% Permission denied for the role
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card