05-12-2006 06:05 AM
Is there a way to creat a custom privilege level to allow a user access to only CSM config commands while in config mode?? I'm trying to allow members of our server/web team to check on the status of the web servers and to take them out of service for maintenance....and not allow them access to change any other configs on the switch.
Thanks...Jeff
05-18-2006 06:08 AM
No. I don't think there is way to creat a custom privilege level to allow a user access to only CSM config commands while in config mode
05-20-2006 11:13 PM
You can do it with TACACS config authorization enabled.
Create a shell command list on ACS/TACACS and apply to the user.
05-30-2006 06:58 AM
Here is an exampel for enable 5
enable secret level 5
privilege slb-lam-mode-real level 5 no inservice
privilege slb-lam-mode-real level 5 inservice
privilege slb-lam-mode-real level 5 inservice standby
privilege slb-lam-mode-csm-sfarm level 5 real
privilege slb-lam-mode-csm-sfarm level 5 real name
privilege slb-lam-mode-csm level 5 server
privilege configure level 5 module csm
privilege exec level 5 conf t
privilege exec level 5 exit
05-31-2006 05:10 AM
Thanks for the responses. I am currently running aaa with Radius, so I had to use local accounts to assign custom priviledge levels. Thanks Mats for the command strings.
Jeff
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: