AAA question....

bhornilesh · ‎08-03-2011

Hello Security Experts,

I need your help for AAA configuration.

I'm Planning to implement AAA security on my Router...Could you please anyone tell me how to implement & what is a requirement & also pls. provide me document for my reference.

I have 2 users they want to give limited login access on my Cisco Router.

1st Question: - 1 users can able to login in Router but he should not enter into privilege mode & not able to execute any command.

2nd question: - Another user can able to logging any mode but he should not able to change any running-configuration & startup-configuration.

Please advise me & pls. provide me AAA related document becoz. In future any new requirement so I can able to do myself :-)

HTH

Nilesh.

alex.dersch · ‎08-04-2011

Hi Nilesh,

if you have just one router and two users you can cerate just this two users with limited access.

conf t

username user1 privilege 1 password cisco

username user 2 privilege 5 password cisco

privilege exec level 5 show running-config

user1 can log into the device, bat cannot do anything. I really don't understand for waht reason you want him then to login to the device.

user2 can log in and execute the show running-config command

when the two user log in by telnet don't forget to add this command to your vty line

vty 0 4

login local

regards

alex