10-02-2005 10:50 PM - edited 03-03-2019 12:14 AM
Hi,
I'm in the process of changing the passwords for all Cisco devices in my Network. As of now, everyone in Network Group can change the secret password , creation/deletion of vlan and changing port speed , checking logs etc..
As per new requirement , we are forming Network Operations Group , will do change of ports to different Vlan , change of port speed , checking logs etc.. and creation of Vlans and change of secret password will be Network Admin people. I want to create a local users for Network Operators in Cisco devices for doing above activities and they should not use secret password for doing above activities. What is the level of permission should I give and secret password will not be given to them.
Thanks
Raju
10-02-2005 11:04 PM
Hi
Would suggest to set different privilege levels and assign the activities like executing show commands accordingly to each privilege level.
keep privilege level 15 reserved coz that has the whole super level access to your box.
for more info do refer this link ..
regds
10-02-2005 11:31 PM
The best thing to do in such a case is to install a TACACS server. There will be the advantage of AAA though there may be cost overheads depending on the TACACS model.
10-03-2005 01:40 AM
Raju,
Please see my prevous post on the same.
This will help you on this :
regards,
-amit singh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide