Getting the Switch Web Interface to run at a lower privilege
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-30-2008 01:08 PM - edited 03-10-2019 03:49 PM
Hi All,
What I really want is to allow my techs to use the Web interface on our 2960 and 3560 Switches to help troubleshoot issues.
I have it working throug Tacacs now but it order to login you have to have privilege of 15. I do not want to give my techs privelege 15 so I am trying to see if you can access the web console at a lower privelege.
Preferrably I would like the techs to see the pretty interface but not be able to make permanent changes.
Is this even possible? I tried doing this by setting the "ip http authentication aaa command-authorization 5 HTTPOnly". I then set the "aaa authorization command" for HTTPOnly to 5. This did not seem to allow a users with a Tacacs privilege of 5 to login. On the debug it is still asking to for level 15 privelege.
Any help would be apreciated.
- Labels:
-
AAA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-01-2008 07:48 AM
I don't think that is possible. We need to have priv 15 for http accesses. It is possible with ASA asdm but not sure about SDM.
Will check it and let you know.
Regards,
~JG
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-01-2008 08:07 AM
Thanks for checking:)
Was also wondering what the command-authorization is for, if not to set the privelege level for accessing the SDM.
Thanks!!
