Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

local aaa privileges

I want to be able to set up

read only access to one of our cisco routers while letting the other users still be able to get into enable and config mode.

My current config ( without the read only access user) is as follows

aaa new-model
aaa authentication login default local-case
aaa authentication login NO_AUTHENT none
aaa authorization exec default local

username x password y

Thank you.

Everyone's tags (4)
4 REPLIES

Re: local aaa privileges

You can set a different privilege in the username command, so your view user could look like

username view privilege 1 secret

where view is the username.

New Member

Re: local aaa privileges

Hi,

I tried that on a test router logging into the console port and I could not log in with a privilege level of 1.  I could log in with a privilege level of 3.  However, it let me make changes to the router in config mode. My goal is to allow the account to run show commands on the router and have read only access.

Thoughts?

Cisco Employee

Re: local aaa privileges

You would need to move the "show command" to level 3.

Use command "privilege exec level 6 show".

I hope it helps.

PK

Purple

Re: local aaa privileges

If your IOS is greater than 12.3(7)T  then you could use role-based CLI.

Don't forget to rate helpful posts.
952
Views
0
Helpful
4
Replies
CreatePlease login to create content