With CatOS and a TACACS server: create a CiscoSecure group and restrict the available command set with group settings. Then use the 'set authorization commands ...' command on the switch. I've set this up to allow some admins to only use the 'show port' and 'set vlan xyz' commands.
If you need more details or snippets of config, post again and I'll send some along.
It happens that I'm the only one needing to access and configure the VLAN ports (yes, using the set vlan command and/or int f0/1; switchport trunk native vlan xyz); however, the people who have access don't know how to configure it.
So it would be great if you could provide some sample configs.
For the TACACS server, basically what I did was create a CiscoSecure group called Support. I edited the group settings to allow only the 'enable' command, and the 'set' command with 'permit vlan xxx' as permitted arguments. I then mapped this CiscoSecure group to a Win2k AD group which contained Support accounts. I then added this config to my Cat switches:
set tacacs server 10.4.50.220 primary
set tacacs key xxxxx
set authentication login tacacs enable telnet primary
set authorization exec enable tacacs+ none telnet
set authorization commands enable config tacacs+ none console
set authorization commands enable config tacacs+ none telnet
Users in the Support group can now only run the commands configured in the CiscoSecure settings.
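An added example, not part of the original post and not CiscoSecure's own logic: a simplified Python model of the Support group's default-deny command set, and of the switch-side "tacacs+ none" fallback, which lets commands through without authorization when the TACACS+ server does not respond. VLAN 10 (standing in for the redacted "xxx"), the sample commands, the policy structure and the function names are all constructed for illustration.

```python
import re

# Constructed model of the "Support" group policy from the post. VLAN 10
# stands in for the redacted "xxx"; this is not CiscoSecure's own syntax.
SUPPORT_POLICY = {
    "enable": None,                    # command allowed with any arguments
    "set": [r"vlan 10(\s|$)"],         # only these argument patterns allowed
}

def server_decision(policy: dict, command_line: str) -> bool:
    """Default-deny check: command must be listed, arguments must match."""
    parts = command_line.split(None, 1)
    if not parts:
        return False
    cmd, args = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
    if cmd not in policy:
        return False                   # unlisted command: deny
    patterns = policy[cmd]
    if patterns is None:
        return True
    return any(re.match(p, args, re.IGNORECASE) for p in patterns)

def switch_decision(policy: dict, command_line: str,
                    server_reachable: bool, fallback: str) -> bool:
    """Model 'set authorization commands enable config tacacs+ <fallback>'."""
    if server_reachable:
        return server_decision(policy, command_line)
    if fallback == "none":
        return True                    # no authorization performed at all
    if fallback == "deny":
        return False
    raise ValueError(f"fallback not modelled: {fallback}")

def audit(policy: dict, commands: list, fallback: str) -> dict:
    """Return {command: (allowed_server_up, allowed_server_down)}."""
    return {c: (switch_decision(policy, c, True, fallback),
                switch_decision(policy, c, False, fallback))
            for c in commands}

# Constructed sample commands a Support user might type.
SAMPLE = ["set vlan 10 3/1", "set vlan 100 3/1", "set tacacs key abc",
          "clear config all"]

if __name__ == "__main__":
    for cmd, (up, down) in audit(SUPPORT_POLICY, SAMPLE, "none").items():
        print(f"{cmd:22} server up: {up!s:5}  server down: {down}")
```

Running the audit with "deny" in place of "none" shows the trade-off: restricted users stay restricted during a server outage, but nobody can make changes over that access path until the server is back.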