Cisco Support Community

Accessing PDM in read-only mode

Hi all.

I have a PIX with ver 6.3 and I want to enable access to it for the customer in read-only mode.

I ordinarily don't use AAA and privileges, to avoid lock-out problems, but now it seems I must face the topic.

I have 2 questions:

A. Is the following plan safe (and sufficient) to avoid lockout?

1. username admin password **** priv 15

2. username pdmuser password **** priv 5

3. aaa authentication http console LOCAL

4. privilege level 5 command ???

B. Which commands should I assign to privilege level 5 to let the user see the Home and the Monitoring Page completely?

Thank you

michele

Accepted Solutions
Re: Accessing PDM in read-only mode

Hi Michele,

A. Yes, it is safe and sufficient to avoid being locked out of the PIX. In fact, your telnet/console will not be affected, only the PDM with the above config in place.

B. There are three different privilege levels for PDM: Monitor (level 3), Read Only (level 5) and Admin (level 15). So, Monitor level is all that is required to get access to the Home page and Monitoring page. Here is the procedure:

Turning on AAA for PDM:

-System properties

-Pix Admin

-Authentication/Authorization

-check HTTP/PDM box

-service group select LOCAL

-Check ENABLE AUTHORIZATION box

-service group select LOCAL

Creating Users:

-User account -> user with level 15 and 3 (monitor)

Thanks,

Mynul.
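
A pre-change check for the plan in the question, as an added example that is not part of the original thread: it parses the planned lines, confirms a level 15 local user exists when LOCAL authentication is turned on for PDM, and maps each user to the PDM levels given in the accepted answer. The function name `review_plan`, its `restricted` and `max_level` parameters, and the accepted `username` line layout are assumptions made for this example.

```python
import re

# PDM roles by privilege level, as listed in the accepted answer.
PDM_ROLES = {3: "Monitor", 5: "Read Only", 15: "Admin"}

# "username <name> password <pw> [...] priv[ilege] <level>"
USER_RE = re.compile(r"^username\s+(\S+)\s+password\s+\S+.*?\spriv\w*\s+(\d+)$")
HTTP_LOCAL_RE = re.compile(r"^aaa\s+authentication\s+http\s+console\s+LOCAL$")

# Constructed sample: the first three lines of the plan in the question.
PLAN = [
    "username admin password **** priv 15",
    "username pdmuser password **** priv 5",
    "aaa authentication http console LOCAL",
]


def review_plan(lines, restricted=(), max_level=5):
    """Return users' PDM roles plus findings about lockout and over-privilege."""
    users, http_local = {}, False
    for raw in lines:
        line = raw.strip()
        match = USER_RE.match(line)
        if match:
            users[match.group(1)] = int(match.group(2))
        elif HTTP_LOCAL_RE.match(line):
            http_local = True

    findings = []
    # Lockout guard: LOCAL authentication for PDM needs a local level 15 user.
    if http_local and 15 not in users.values():
        findings.append("no level 15 user for LOCAL PDM authentication")
    # Least privilege: accounts named in `restricted` must stay at or below max_level.
    for name in restricted:
        level = users.get(name)
        if level is None:
            findings.append(f"{name}: not defined")
        elif level > max_level:
            findings.append(f"{name}: level {level} exceeds {max_level}")
    for name, level in sorted(users.items()):
        if level not in PDM_ROLES:
            findings.append(f"{name}: level {level} has no PDM role named in the answer")
    roles = {name: PDM_ROLES.get(level) for name, level in users.items()}
    return {"http_local": http_local, "roles": roles, "findings": findings}


if __name__ == "__main__":
    print(review_plan(PLAN, restricted=("pdmuser",)))
```
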
