Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Is it possible to limit access to only the SHOW XLATE cmd on a PIX?

Is it possible to limit a user's access to only the "show xlate" command on a PIX?

The purpose is:

An expect script to capture the user's global addresses if needed for later forensic evidence. The capture would be done on time period that coincides with the xlate timeout.

The expect script will need an account, but I would like to limit it's privilege level if possible. Does anyone have any suggestions?

1 REPLY
Silver

Re: Is it possible to limit access to only the SHOW XLATE cmd on

Should be able to. With a fairly recent pix os, you can use privilege levels. You would want to make the enable and show xlate commands a mid tier level, and create a special user account, and assign it that level

here is a link to the privilege command reference

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/mr.htm#42402

124
Views
0
Helpful
1
Replies
CreatePlease to create content