Limited Privilege rights to user on 2900 Series / 3500 Series switches

shailenmehta
Level 1

Hi,

I have about 200 switches in my campus area network. Access switches: 2950/3524/3548/2924; distribution switches: 2912; core: 6506. I want to create a user with limited access to privileged mode for switchport enable or disable. Please suggest a solution for the same.

With regards,

Shailen

Accepted Solution

amit-singh
Level 8

Shailen,

You can do it with 2 options:

1. Enable AAA on your switches and have your access control policies defined on your ACS server.

2. Use your switches' local database and define the privilege levels based on the user policies. For setting it up on the switches, please do the following:

Create a username and password and assign it a level.

conf t

username ABC privilege 5 password ****

privilege exec level 5 show run <- this command will allow the user to only run the "show run" command.

privilege configure level 5 XXXX <--- This command will only allow the user to run the following command in global configuration.

privilege interface level 5 XXXX <--- This will allow the command given after the level 5 to be run under the interface.

I would suggest first trying this out in a lab or on a free switch before implementing it, as you need to give a lot of thought to using and running the commands in the different modes. Always have another telnet session open to your switches when you implement it so that if you are knocked out of it, you are able to access it and revert the changes.

HTH,

-amit singh

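Option 2 from the reply above, carried through for the original question (an operator who may only shut or no shut ports), as an added example that is not part of the post: the username, the secrets and the vty range are placeholders, and the "secret" keyword is assumed to exist on your IOS image (older images only offer "password", as used in the reply).

```cisco
! Added example (not from the original post): local level-5 "port operator".
! Placeholders: portops, CHANGE-ME-*, vty 0 4. Try it on a lab switch first.
conf t
 service password-encryption
 ! the operator account and an enable secret for level 5
 username portops privilege 5 secret 0 CHANGE-ME-USER
 enable secret level 5 CHANGE-ME-LEVEL5
 ! exec mode: what the operator may look at, plus the only way into config mode
 ! (IOS also exposes the parent keywords "show" and "configure" at level 5)
 privilege exec level 5 show running-config
 privilege exec level 5 show interfaces
 privilege exec level 5 configure terminal
 ! global config mode: nothing but the "interface" command
 privilege configure level 5 interface
 ! interface mode: only shutdown; the "no shutdown" form is assumed to follow
 ! the same level, confirm this in the lab
 privilege interface level 5 shutdown
 ! terminal lines authenticate against the local database, so the operator
 ! lands directly at level 5 without needing "enable"
 line vty 0 4
  login local
  exec-timeout 10 0
 end
!
! Verification, done from a second session kept open as the reply advises:
! the operator logs in and should see
!   Switch> show privilege
!   Current privilege level is 5
! and "show running-config" at level 5 lists only the commands granted to
! that level, which doubles as a quick audit of what the account can reach.
```

Anything not listed above (vlan, switchport, spanning-tree, write memory and so on) stays at level 15, so the operator cannot change a port's VLAN or save the configuration.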

