Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Custom privilege level for CSM commands

Is there a way to creat a custom privilege level to allow a user access to only CSM config commands while in config mode?? I'm trying to allow members of our server/web team to check on the status of the web servers and to take them out of service for maintenance....and not allow them access to change any other configs on the switch.

Thanks...Jeff

4 REPLIES
Bronze

Re: Custom privilege level for CSM commands

No. I don't think there is way to creat a custom privilege level to allow a user access to only CSM config commands while in config mode

New Member

Re: Custom privilege level for CSM commands

You can do it with TACACS config authorization enabled.

Create a shell command list on ACS/TACACS and apply to the user.

New Member

Re: Custom privilege level for CSM commands

Here is an exampel for enable 5

enable secret level 5

privilege slb-lam-mode-real level 5 no inservice

privilege slb-lam-mode-real level 5 inservice

privilege slb-lam-mode-real level 5 inservice standby

privilege slb-lam-mode-csm-sfarm level 5 real

privilege slb-lam-mode-csm-sfarm level 5 real name

privilege slb-lam-mode-csm level 5 server

privilege configure level 5 module csm

privilege exec level 5 conf t

privilege exec level 5 exit

New Member

Re: Custom privilege level for CSM commands

Thanks for the responses. I am currently running aaa with Radius, so I had to use local accounts to assign custom priviledge levels. Thanks Mats for the command strings.

Jeff

179
Views
0
Helpful
4
Replies
CreatePlease login to create content