09-18-2005 09:04 PM - edited 03-03-2019 12:05 AM
Hi..
I have about 200 switches in my campus area network: access switches 2950/3524/3548/2924, distribution switches 2912 and core 6506. I want to create a user with limited access to privileged mode, for switchport enable or disable. Please suggest a solution for the same.
With regards,
Shailen
09-18-2005 10:11 PM
Shailen,
You can do it with 2 options:
1. Enable AAA on your switches and have your access control policies defined on your ACS server.
2. Use your switch's local database and define the privilege levels based on the user policies. For setting it up on switches please do the following:
Create a username and password and assign it a level.
conf t
username ABC privilege 5 password ****
privilege exec level 5 show run <--- This command will allow the user to only run the "show run" command.
privilege configure level 5 XXXX <--- This command will only allow the user to run the following command in global configuration.
privilege interface level 5 XXXX <--- This will allow the command given after the level 5 to run under the interface.
I would suggest first trying this out in a lab or on a free switch before implementing it, as you need to give a lot of thought to using and running the commands in different modes. Always have another telnet session open to your switches when you implement it so that if you are knocked out of it, you are able to access it and revert the changes.
HTH,
-amit singh
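The XXXX placeholders in option 2 filled in for the asker's case (an account that can only disable and re-enable ports), as an added example that is not part of the original reply. The username portop, level 5 and the vty range 0-4 are assumptions, and keyword handling for the privilege command varies by IOS release, so confirm it in a lab first.

```cisco
! Added example. Assumed values: user "portop", level 5, vty lines 0-4.
conf t
! Local account that logs in directly at level 5 (replace **** with the real password)
username portop privilege 5 password ****
! Authenticate vty logins against the local user database
line vty 0 4
 login local
 exit
! Let level 5 enter global configuration mode
privilege exec level 5 configure terminal
! In global configuration, allow only the "interface" command
privilege configure level 5 interface
! In interface configuration, allow disabling and re-enabling a port
privilege interface level 5 shutdown
privilege interface level 5 no shutdown
end
! Verify from a second session logged in as portop:
!   show privilege   -> should report level 5
!   configure terminal, interface <port>, shutdown / no shutdown should be accepted
!   any other configuration command should be rejected
```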