https://community.cisco.com/t5/network-access-control/getting-the-switch-web-interface-to-run-at-a-lower-privilege/m-p/961570#M376179 <P>Hi All,</P><P></P><P> What I really want is to allow my techs to use the Web interface on our 2960 and 3560 Switches to help troubleshoot issues.</P><P></P><P> I have it working throug Tacacs now but it order to login you have to have privilege of 15. I do not want to give my techs privelege 15 so I am trying to see if you can access the web console at a lower privelege. </P><P></P><P> Preferrably I would like the techs to see the pretty interface but not be able to make permanent changes.</P><P></P><P> Is this even possible? I tried doing this by setting the "ip http authentication aaa command-authorization 5 HTTPOnly". I then set the "aaa authorization command" for HTTPOnly to 5. This did not seem to allow a users with a Tacacs privilege of 5 to login. On the debug it is still asking to for level 15 privelege.</P><P></P><P> Any help would be apreciated.</P> Sun, 10 Mar 2019 22:49:10 GMT blittrell 2019-03-10T22:49:10Z https://community.cisco.com/t5/network-access-control/getting-the-switch-web-interface-to-run-at-a-lower-privilege/m-p/961570#M376179 <P>Hi All,</P><P></P><P> What I really want is to allow my techs to use the Web interface on our 2960 and 3560 Switches to help troubleshoot issues.</P><P></P><P> I have it working throug Tacacs now but it order to login you have to have privilege of 15. I do not want to give my techs privelege 15 so I am trying to see if you can access the web console at a lower privelege. </P><P></P><P> Preferrably I would like the techs to see the pretty interface but not be able to make permanent changes.</P><P></P><P> Is this even possible? I tried doing this by setting the "ip http authentication aaa command-authorization 5 HTTPOnly". I then set the "aaa authorization command" for HTTPOnly to 5. This did not seem to allow a users with a Tacacs privilege of 5 to login. On the debug it is still asking to for level 15 privelege.</P><P></P><P> Any help would be apreciated.</P> Sun, 10 Mar 2019 22:49:10 GMT https://community.cisco.com/t5/network-access-control/getting-the-switch-web-interface-to-run-at-a-lower-privilege/m-p/961570#M376179 blittrell 2019-03-10T22:49:10Z https://community.cisco.com/t5/network-access-control/getting-the-switch-web-interface-to-run-at-a-lower-privilege/m-p/961571#M376248 <HTML><HEAD></HEAD><BODY><P>I don't think that is possible. We need to have priv 15 for http accesses. It is possible with ASA asdm but not sure about SDM.</P><P></P><P></P><P>Will check it and let you know.</P><P></P><P></P><P>Regards,</P><P>~JG</P></BODY></HTML> Thu, 01 May 2008 14:48:30 GMT https://community.cisco.com/t5/network-access-control/getting-the-switch-web-interface-to-run-at-a-lower-privilege/m-p/961571#M376248 Jagdeep Gambhir 2008-05-01T14:48:30Z https://community.cisco.com/t5/network-access-control/getting-the-switch-web-interface-to-run-at-a-lower-privilege/m-p/961572#M376283 <HTML><HEAD></HEAD><BODY><P>Thanks for checking:) </P><P></P><P>Was also wondering what the command-authorization is for, if not to set the privelege level for accessing the SDM.</P><P></P><P>Thanks!!</P><P></P></BODY></HTML> Thu, 01 May 2008 15:07:51 GMT https://community.cisco.com/t5/network-access-control/getting-the-switch-web-interface-to-run-at-a-lower-privilege/m-p/961572#M376283 blittrell 2008-05-01T15:07:51Z