AAA Authorization Using Local Database

helios999
Level 1

Hi Guys,

I'm planning to use AAA authorization using local database. I have read already about it, I have configured the AAA new-model command and I have set up users already. But I'm stuck at the part where I will already give certain user access to certain commands using local database. Hope you can help on this.

FYI: I know using ACS/TACACS+/RADIUS is much easier and more powerful but my company will most likely only use local database.

3 Replies

Jagdeep Gambhir
Level 10

For allowing limited read-only access, use this example,

We need these commands on the switch

Switch(config)#do sh run | in priv
username admin privilege 15 password 0 cisco123!
username test privilege 0 password 0 cisco
privilege exec level 0 show ip interface brief
privilege exec level 0 show ip interface
privilege exec level 0 show interface
privilege exec level 0 show switch

No need for user to log in to enable mode. All priv 0 commands are now there in the user mode. See below.

User Access Verification

Username: test
Password:

Switch>show ?
  diagnostic  Show command for diagnostic
  flash1:     display information about flash1: file system
  flash:      display information about flash: file system
  interfaces  Interface status and configuration
  ip          IP information
  switch      show information about the stack ring

Switch>show switch
Switch/Stack Mac Address : 0015.f9c1.ca80
                                           H/W   Current
Switch#  Role   Mac Address     Priority Version  State
----------------------------------------------------------
*1       Master 0015.f9c1.ca80     1      0       Ready

Switch>show run
            ^
% Invalid input detected at '^' marker.

Switch>show aaa server
            ^
% Invalid input detected at '^' marker.

Switch>show inter
Switch>show interfaces
Vlan1 is up, line protocol is up
  Hardware is EtherSVI, address is 0015.f9c1.cac0 (bia 0015.f9c1.cac0)
  Internet address is 192.168.26.3/24
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255

Switch>

Please check this link,

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml

Regards,

~JG

Do rate helpful posts
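
An added example (not part of the reply above, and not Cisco code): a small Python audit of the `username` and `privilege` lines in a running-config excerpt like the one shown. It lists which reassigned commands each local user can reach (a user can run commands placed at or below their own privilege level) and flags passwords stored as type 0, which IOS keeps in cleartext. The sample input is constructed from the lines in the post, the function names are illustrative, and only commands moved with `privilege` are covered, not the IOS default command set for each level.

```python
import re

# Constructed sample: the lines shown by "sh run | in priv" in the post above.
SAMPLE = """\
username admin privilege 15 password 0 cisco123!
username test privilege 0 password 0 cisco
privilege exec level 0 show ip interface brief
privilege exec level 0 show ip interface
privilege exec level 0 show interface
privilege exec level 0 show switch
"""

USER_RE = re.compile(r"^username (\S+)(?: privilege (\d+))? (password|secret) (\d+ )?\S")
PRIV_RE = re.compile(r"^privilege (\S+)(?: all)? level (\d+) (.+)$")


def parse(config):
    """Return (users, moved): name -> (level, findings) and level -> [(mode, command)]."""
    users, moved = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := USER_RE.match(line):
            name, level, kind, enc = m.groups()
            level = int(level) if level else 1  # IOS default for a local user is level 1
            findings = []
            if kind == "password" and (enc or "0 ").strip() == "0":
                findings.append("cleartext password (type 0)")
            users[name] = (level, findings)
        elif m := PRIV_RE.match(line):
            moved.setdefault(int(m.group(2)), []).append((m.group(1), m.group(3)))
    return users, moved


def reassigned_for(user, users, moved):
    """Reassigned commands a user can run: everything moved to a level <= the user's level."""
    level = users[user][0]
    return sorted(cmd for lvl, cmds in moved.items() if lvl <= level for _, cmd in cmds)


def report(config):
    users, moved = parse(config)
    return {u: {"level": lvl, "findings": f, "reassigned": reassigned_for(u, users, moved)}
            for u, (lvl, f) in users.items()}


if __name__ == "__main__":
    for user, info in report(SAMPLE).items():
        print(user, info)
```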

Hi JG,

Thanks for your reply and it is very helpful. I would just like to confirm that what you showed is using AAA authorization on local database, right?

Regards,

John

Hi JG,

One more thing, can you enlighten me about the command "privilege interface and privilege configure"? Or do you have a link that discusses these commands?

Thanks.

John