Granular access control
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-17-2015 05:51 PM - edited 03-10-2019 10:49 PM
Hi,
I have a few routers that I'd like to provide access to for support staff, but, I don't want them to have access to everything on the router or switch. I've looked at using privilege levels and a tacacs server and also Role-based CLI (RBAC).
The Role-based CLI is a bit more granular for what I had in mind, however, doesn't seem to quite fit the bill for what I want to achieve - which is below.
1. Allow access to create and modify ACL's - but don't allow access to modify some specific ACLs
2. Allow BGP neighbor to be created and modified - but not certain critical neighbors
I'd be grateful for any input on how/if this could be done.
Thanks,
Jonno
- Labels:
-
AAA
