Cisco Support Community

How to restrict some exec commands to users???

Hi everybody!

I'm trying to improve the control of and access to the routers in the company. There is a group of users that needs access to the routers, and I don't want them to be able to perform commands like: config terminal, reset, clear, reload, etc.

I have heard that commands have a privilege level and that, depending on the user's privilege, users are or are not able to perform them.

Can you give me a recommendation on this?

Any link where I can learn how to configure it?

Any idea or tip will be appreciated!

Thanks in advance!

Hugo.

1 REPLY

Re: How to restrict some exec commands to users???

Two options: local privilege or TACACS+ AAA.

Local example:

privilege exec level 2 ping

privilege exec level 2 show config

privilege exec level 3 debug ip rip

enable secret level 2 ...

enable secret level 3 ...

Log in at one of those levels: enable 2 or enable 3

Tacacs+

aaa new-model

tacacs-server host 1.1.1.1

tacacs-server key ...

aaa authorization exec tacacs+

Set up a tacacs+ server.

Hope it helps.

Steve
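
A fuller version of the local option in the reply above, as an added example that is not part of the original post. The usernames are hypothetical, the secrets stay elided as "...", and tying accounts to a level with `username ... privilege` plus `login local` is an assumption about how the users would be set up.

```cisco
! Added example; usernames are hypothetical and "..." marks elided secrets.
!
! Move selected exec commands to custom levels (lines from the reply above).
privilege exec level 2 ping
privilege exec level 2 show config
privilege exec level 3 debug ip rip
!
! Per-level enable secrets, for users who step up with "enable 2" / "enable 3".
enable secret level 2 ...
enable secret level 3 ...
!
! Assumption: local accounts that start at their assigned level on login,
! so restricted users never need the level 15 enable secret.
username operator1 privilege 2 secret ...
username netadmin1 privilege 15 secret ...
!
! Authenticate vty sessions against the local username database.
line vty 0 4
 login local
!
! configure terminal and reload are left at their default level 15,
! so a session at level 2 is refused when it tries them.
!
! Check after logging in as operator1:
!   show privilege      (reports the session's current privilege level)
```

Only the level 15 enable secret should be withheld from the restricted group; anyone who knows it can still reach full privilege regardless of the level assigned to their account.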
