Cisco Support Community
Community Member

6500's privileges to tech's

Hi all,

Wondering how to implement this:

I have a few techs that need access to the switches to view port configurations.

Although I DO NOT want to give them the enable password.

How can I setup a differente enable password and give them only VIEW (a.k.a. Show) capabilities?

Thanks for your help.


Re: 6500's privileges to tech's

Use AAA and assign privilege levels to user accounts.

Hope that helps

Community Member

Re: 6500's privileges to tech's

If the Tech's know what the Enabled password is, is there a way to block them from actualy typing 'enable' ?

Re: 6500's privileges to tech's

Yes, well actually they can type it, but they will get an error back.

*There are multiple ways to configure privilege levels and depending on how YOU do it, will depends on the results.

Community Member

Re: 6500's privileges to tech's

ok, can't seem to figure out how to restrict access to the 'enable' ...

I have a username created with privilege level 2, I dont want him to be able to enter enable as he knows the enabled password...

How do I do this?

I only want this user to do show commands... that's it.

Re: 6500's privileges to tech's

In AAA you need to configure Authorization. If you want to use local authentication and privilege levels, you have to "move" the commands to level 2 and then change the enable password.

CreatePlease to create content