Why do the users need unrestricted level 15 enable access? Even if they need enable for some things, why not set up an intermediate privilege level user with only the privileged commands they need allowed? See this guide for more details.
If a user can "write erase" then the on-device configuration is gone. External intervention of some type is necessary. A backup copy of the desired configuration can be stored offline and one can "copy tftp (or other method - ftp, scp etc.) run" to restore it. You could store a known good config on the device's flash and copy it to running-config as well (but a level 15 user could delete that as well).
As I mentioned in paragraph 2 of my original reply - I'm pretty sure external intervention would be required to pull a baseline configuration onto the device with your aaa (and any other critical bits).
I would argue that if the users must have enough privilege to "write erase" then they need to accept the responsibility of doing a restore.
If that's unfeasible, you could have your machines set up for autoinstall from a local tftp server. See this link for details on how that works.
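An added example, not part of the original replies: a Python audit of a saved IOS configuration that lists which local accounts can reach the configuration-wiping commands discussed in this thread. The sample configuration, the command list, the prefix-matching heuristic and the assumption that these commands sit at level 15 unless remapped are constructed for illustration.

```python
import re

# Commands that wipe or remove on-device configuration (assumed level 15 unless remapped).
DESTRUCTIVE = ("write erase", "erase startup-config", "delete")

USER_RE = re.compile(r"^username\s+(\S+)(?:\s+privilege\s+(\d+))?")
PRIV_RE = re.compile(r"^privilege\s+exec\s+(?:all\s+)?level\s+(\d+)\s+(.+)$")

def required_levels(config):
    """Lowest privilege level able to run each destructive command."""
    levels = {cmd: 15 for cmd in DESTRUCTIVE}
    for line in config.splitlines():
        m = PRIV_RE.match(line.strip())
        if not m:
            continue
        level, remapped = int(m.group(1)), m.group(2).split()
        for cmd in DESTRUCTIVE:
            words = cmd.split()
            n = min(len(words), len(remapped))
            # Conservative: a remap of "write" is treated as covering "write erase".
            if words[:n] == remapped[:n]:
                levels[cmd] = min(levels[cmd], level)
    return levels

def audit(config):
    """Map each local username to the destructive commands it can run."""
    levels = required_levels(config)
    findings = {}
    for line in config.splitlines():
        m = USER_RE.match(line.strip())
        if m:
            user_level = int(m.group(2) or 1)  # local users without "privilege N" get level 1
            findings[m.group(1)] = sorted(c for c, lvl in levels.items() if user_level >= lvl)
    return findings

# Constructed sample configuration (not taken from the thread).
SAMPLE = """\
username admin privilege 15 secret 5 PLACEHOLDER
username netops privilege 7 secret 5 PLACEHOLDER
username helpdesk secret 5 PLACEHOLDER
privilege exec level 7 show running-config
privilege exec level 7 clear counters
privilege exec level 5 erase startup-config
"""

if __name__ == "__main__":
    for user, cmds in audit(SAMPLE).items():
        print(f"{user}: {', '.join(cmds) or 'no destructive commands'}")
```

In the sample, the level 7 account can erase the startup configuration only because of the stray `privilege exec level 5` remap, which is the kind of drift this check is meant to surface.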