
Reducing the required Privilege Level to write to memory

JXGulotta
Level 1

Hello all,

I'm currently running a C9300 on 17.03.03 firmware. My security team has an AD RADIUS server that we have programmed into AAA which provides user groups with a privilege level. One of these privilege levels is for junior network admins to make basic changes like switching a VLAN on a port; however, I've come across an error that they're hitting when trying to write these changes to memory.

Switch#copy run start
Destination filename [startup-config]?
startup-config file open failed (Permission denied)

Switch#wr mem
startup-config file open failed (Permission denied)

For transparency, here is the full permission 14 list:

privilege interface level 14 power inline
privilege interface level 14 power
privilege interface level 14 shutdown
privilege interface level 14 ip address
privilege interface level 14 ip
privilege interface level 14 switchport
privilege interface level 14 no power inline
privilege interface level 14 no power
privilege interface level 14 no shutdown
privilege interface level 14 no ip address
privilege interface level 14 no ip
privilege interface level 14 no switchport
privilege interface level 14 description
privilege interface level 14 no description
privilege interface level 14 no
privilege configure level 14 interface
privilege exec level 14 write memory
privilege exec level 14 write
privilege exec level 14 configure terminal
privilege exec level 14 configure
privilege exec level 15 reload
privilege exec level 14 test cable-diagnostics tdr interface
privilege exec level 14 test cable-diagnostics tdr
privilege exec level 14 test cable-diagnostics
privilege exec level 14 test
privilege exec level 14 show cable-diagnostics tdr interface
privilege exec level 14 show cable-diagnostics tdr
privilege exec level 14 show cable-diagnostics
privilege exec level 14 show device-tracking database interface
privilege exec level 14 show device-tracking database
privilege exec level 14 show device-tracking
privilege exec level 14 show ip interface
privilege exec level 14 show ip
privilege exec level 14 show running-config
privilege exec level 14 show

Any assistance would be greatly appreciated.

Accepted Solutions

JXGulotta
Level 1

Figured out a solution. Posting here to share with others. The line that was missing was:

file privilege 14

This command lowers the privilege level required to access the file system to 14. Here's hoping someone else in the future finds this useful.

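An audit for the mismatch described in this thread, as an added example that is not part of the original posts: it reads a saved configuration and lists exec commands delegated to a level below the file privilege level. The function name, the default of 15 when no file privilege line is present, and the choice of write and copy as the file-writing commands are assumptions.

```python
import re

DEFAULT_FILE_PRIVILEGE = 15      # assumption: level in effect with no "file privilege" line
FS_COMMANDS = ("write", "copy")  # assumption: exec commands that open startup-config

PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+(?:all\s+)?level\s+(\d+)\s+(.+)$")
FILE_RE = re.compile(r"^file\s+privilege\s+(\d+)$")


def audit_file_privilege(config_text):
    """Compare delegated file-writing exec commands with the file privilege level."""
    file_level = DEFAULT_FILE_PRIVILEGE
    delegated = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            file_level = int(m.group(1))
            continue
        m = PRIV_RE.match(line)
        if m and m.group(1) == "exec" and m.group(3).split()[0] in FS_COMMANDS:
            delegated.append((int(m.group(2)), m.group(3)))
    return {
        "file_level": file_level,
        # Delegated below the file privilege level: the command is accepted,
        # then fails with "Permission denied" as in the question.
        "blocked": sorted(d for d in delegated if d[0] < file_level),
        # True when file system access has been opened below the default level.
        "lowered": file_level < DEFAULT_FILE_PRIVILEGE,
    }


# Constructed sample: a subset of the privilege lines posted in the question.
SAMPLE_BEFORE = """\
privilege interface level 14 switchport
privilege exec level 14 write memory
privilege exec level 14 write
privilege exec level 14 configure terminal
privilege exec level 15 reload
"""
# The same configuration with the line from the accepted solution added.
SAMPLE_AFTER = SAMPLE_BEFORE + "file privilege 14\n"

if __name__ == "__main__":
    for name, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, audit_file_privilege(cfg))
```

The lowered flag is worth reviewing on its own, since the setting governs access to the file system at that level and not only write memory.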