Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

3750- 12.2(37) Different privilege level for interfaces

I want to permit helpdesk people to change some interfaces parameters for let say fastethernet port only. Since my uplink are Gigabit, I would like blocking them any changes on those.

Does anybody know a way to control that ? I am able with the privilege command to open change for interface command but it seem that i can not be more granular !

5 REPLIES
Silver

Re: 3750- 12.2(37) Different privilege level for interfaces

You can enable role based cli through this each user can access some set of commands and interfaces only.

New Member

Re: 3750- 12.2(37) Different privilege level for interfaces

Am I able to define 2 sets of interfaces: one that can permit users to modify their parameters and the others not allowing that ?

If yes can you be explicit of how I can do that ?

Thanks

New Member

Re: 3750- 12.2(37) Different privilege level for interfaces

create some alias exec commands to refer to interaces you want to allow and then setup user profile to use the alias exec commands.

New Member

Re: 3750- 12.2(37) Different privilege level for interfaces

1) from my tests, commands embedded in alias are check against user profile, so you can not fool the system.

2) Giving the interface command, I am not able to specify which interface they can go or not!.

Somebody have a clue to simulate below:

Extra note : I want to be able to create 2 group of interfaces, let say: uplinkport and userport. Uplinkport could only be change by privilege 15 and userport by a different privilege,

New Member

Re: 3750- 12.2(37) Different privilege level for interfaces

have you tried to put the alias into a menu for each type of user ?

163
Views
0
Helpful
5
Replies