Creating user with different permission

raju · ‎10-02-2005

Hi,

I'm in the process of changing the passwords for all Cisco devices in my Network. As of now, everyone in Network Group can change the secret password , creation/deletion of vlan and changing port speed , checking logs etc..

As per new requirement , we are forming Network Operations Group , will do change of ports to different Vlan , change of port speed , checking logs etc.. and creation of Vlans and change of secret password will be Network Admin people. I want to create a local users for Network Operators in Cisco devices for doing above activities and they should not use secret password for doing above activities. What is the level of permission should I give and secret password will not be given to them.

Thanks

Raju

spremkumar · ‎10-02-2005

Hi

Would suggest to set different privilege levels and assign the activities like executing show commands accordingly to each privilege level.

keep privilege level 15 reserved coz that has the whole super level access to your box.

for more info do refer this link ..

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00803f3bb7.html#wp1027188

regds

attrgautam · ‎10-02-2005

The best thing to do in such a case is to install a TACACS server. There will be the advantage of AAA though there may be cost overheads depending on the TACACS model.

amit-singh · ‎10-03-2005

Raju,

Please see my prevous post on the same.

This will help you on this :

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.1dd94d1d/0#selected_message

regards,

-amit singh