Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Getting the Switch Web Interface to run at a lower privilege

Hi All,

What I really want is to allow my techs to use the Web interface on our 2960 and 3560 Switches to help troubleshoot issues.

I have it working throug Tacacs now but it order to login you have to have privilege of 15. I do not want to give my techs privelege 15 so I am trying to see if you can access the web console at a lower privelege.

Preferrably I would like the techs to see the pretty interface but not be able to make permanent changes.

Is this even possible? I tried doing this by setting the "ip http authentication aaa command-authorization 5 HTTPOnly". I then set the "aaa authorization command" for HTTPOnly to 5. This did not seem to allow a users with a Tacacs privilege of 5 to login. On the debug it is still asking to for level 15 privelege.

Any help would be apreciated.

2 REPLIES

Re: Getting the Switch Web Interface to run at a lower privilege

I don't think that is possible. We need to have priv 15 for http accesses. It is possible with ASA asdm but not sure about SDM.

Will check it and let you know.

Regards,

~JG

New Member

Re: Getting the Switch Web Interface to run at a lower privilege

Thanks for checking:)

Was also wondering what the command-authorization is for, if not to set the privelege level for accessing the SDM.

Thanks!!

144
Views
0
Helpful
2
Replies