Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Allow some commands and restrict other commands for the User

Hi to all,

I dont have ACS and any firewalls.Anywhere from the intranet can access all the commands in the router.I Configured the AAA using local database and created only 2 usernames.I want the other user shoult use only few commands in the user & privilaged levels.I can't use the privilage level for a user.How can i authorize the user to use the perticular 3 commands.

Also i want to configure the accounting in which i need to track the commands used by the user.Any one suggest me how to do it in a normal IOS12.2 version.

Thanks

Raj

1 REPLY
Cisco Employee

Re: Allow some commands and restrict other commands for the User

Raj,

Below are URLs which will walk you through example of configuring local AAA router authorization and accounting.

Note that you can not do accounting for command(s) on a local router, you need a AAA server for that, although you can use accounting for exec sessions locally.

Implementing Local Router Authorization

-------------------------------------------------------

http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/secsols/aaasols/c262c2.htm#xtocid160214

Implementing Local Router Accounting

-------------------------------------------------------

http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/secsols/aaasols/c262c2.htm#xtocid160215

Hope that helps.

R/Yusuf

89
Views
0
Helpful
1
Replies